last executing test programs:

12.864486211s ago: executing program 0 (id=371):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
r3 = dup(r2)
ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2)

11.675277521s ago: executing program 2 (id=373):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = fanotify_init(0x0, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

11.521092749s ago: executing program 0 (id=375):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1)
r3 = syz_genetlink_get_family_id$nbd(0x0, r1)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0)

10.82047068s ago: executing program 0 (id=376):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0)

10.639604086s ago: executing program 2 (id=378):
mq_open(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2)
sendmsg$NFC_CMD_GET_TARGET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r2)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r2)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0)

10.341941752s ago: executing program 2 (id=380):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"})
r1 = getpid()
sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0)

9.547096946s ago: executing program 3 (id=382):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
request_key(0x0, 0x0, 0x0, 0xffffffffffffffff)
open(0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x2a08095, &(0x7f00000024c0)=ANY=[], 0x0, 0x2b0, &(0x7f00000017c0)="$eJzs3MFrI1UYAPAvm3Y3XZD0sLIo4o548VTaFe8p0sJqQFGCKB4sbhYlUxc2UEgO2+zJf0LxP9CjBy+CB/HiwX9ABKmCF/cmIow0M8kmu0kTXZJI/f0ueX3v+9775k3oDKW89545bN283b51//5JVJ4txVotavFnxGZciHLkegEAnCd/ZFn8nuVWXQsAsByP9/wvLaIkAGDB5nz+v55/HC+rLABggfz9HwD+f958+51Xd+v1vTeSpBJx+PFR46jR/9woAm7Fh5FGM7ajGn9FFK8KXxWj2f6N+t52cuqXzWgcHhf5x0eN/L8Hdwf5O1GNzWF+/20jy7Jr+zdKeztJbjx/PS4X+T9ejmZcj2pceSS/v/71ifkX44XnR9bfimr88H7cjjRunhY+kn93J0lefq2exFqM5F/qx/VtDLerPLJ1r1x5sracmwQAAAAAAAAAAAAAAAAAAAAAwLmzlQxNPL9na2vaeJ6/O/l8oCzLojI4X2d74vk8a/H02mqvHQAAAAAAAAAAAAAAAAAAAP4r2p1u6yBdz3/opWnzTt4z1vjou8+/mTL0oHHyfe+tWTHdVqlY96yY5TSeeO7nT6bH3CsN9ycuTIkpPdRTi/GYcjHHPyzs62sP9bxbnmOeUm/SUOU07UFPpdj92WWUZ5T67ckHT73YvvrS5JhyPM7d2fh393T9rK/Wb9W4VIyPD92bOmGx6zFr9S9W+jUeXPXM4Kuf1g6+vPvTr/POvOBfPAAAAAAAAAAAAAAAAAAAwCPanW6rsuoiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDF2p1u6yBNmxej0/0s0rR5Z9BzZmN/jphhY9XXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfwcAAP//27d+8A==")
getpid()
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)='5', 0xfdef}], 0x1)
writev(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f00000001c0)="f3", 0x1}], 0x1)
dup3(r3, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x301}, 0x14}}, 0x0)

7.418528235s ago: executing program 3 (id=385):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
r3 = dup(r2)
ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2)

7.261427356s ago: executing program 4 (id=386):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0)

6.997595802s ago: executing program 4 (id=387):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x0, 0x84)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x26e1, 0x0)
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500), &(0x7f0000001400), 0x1006, r1}, 0x38)

6.991971501s ago: executing program 3 (id=388):
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14}, 0x14}}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3")
ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000480)={&(0x7f00000000c0)=""/112, 0x70})

6.738018794s ago: executing program 3 (id=389):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = fanotify_init(0x0, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

6.511847465s ago: executing program 4 (id=390):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x6)
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2)

6.386294109s ago: executing program 0 (id=391):
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',max_read=0x0'])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

6.20642105s ago: executing program 4 (id=392):
syz_mount_image$jfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x210004, &(0x7f00000003c0)=ANY=[@ANYBLOB='usrquota,errors=continue,nodiscard,uid=', @ANYRESHEX=0x0, @ANYBLOB=',quota,iocharset=iso8859-9,usrquota,usrquota,gid=', @ANYRESHEX=0x0, @ANYBLOB="170069ecc37729febff5915fd3d800daf1fe547bc0f9457a2b2edc04b9eb4745c49b6e47107e7d01efed603ebb468b0d26081843497e16d50714d853ae7b0b93ace02241330e6bbb3e8aba2688e3bf25b261ca1ffa61a7777f3bc2f471f9ba4c0b435921e32b595a7bf1f9ec58a368b657056dbe56650770985d6636efa46b2d69d4cdbff4167eb5b8e45b2989d078d2e9ed625bf9183b6cfed11a2d0c2db272da9d8278a4000000000000000000000000670e0ecce384b440b5b4aa47ac1215fb8f5824be26ded840085b10b87f83053a6ec123c9b9bc4855aa103b69cad5793ab93e9892779366d2c89d038edd21443a91705e56704204d86104c270745681eb7bd414b4ff6ba5f6f672f5dcff3da3b2d4742f4e39825df3e9e1"], 0x3, 0x62b5, &(0x7f00000069c0)="$eJzs3UuPHFfZB/Cn+jYXv3GsLKK8FkKTxFxCiK/BGAIkWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo/Hma4en99Pmql6+lRNn/K/qy+uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Djc1VEXPlVuuFExP9FP6IXsdLUaxGxsnYiLz+IiBdiuzmej4jhUkSz/vavZyNej4iPj0fcf3Bnvbn5/D778f0//+MPPzn2o7//aXjmv3+51X9j2nK3b//2P3+9+2TbDAAAAKWp67qu0sf8k+nzfa/rTgEAc5Ff/+sk365euHpzwfqjVqvV6iNYt9WT3W0XEbHZXqd5z+BwPAAcMZvxSdddoEPyL9ogIo513QlgoVVdd4BDcf/BnfUq5Vu1Xw/WdtrzuSB78t+sdq/vmDadZfwck3k9vraiH89N6c/KnPqwSHL+vfH8r+y0j9Jyh53/vEzLf7Rz6VNxcv798fzHpPyXt38f6fx7E/MvVc5/sL/8d2z25Q8AAAAAAAss////iY6P/y4dpPMHOIjwqOO/awfpAwAAAAAAAAAsgCcd/2+X8f8AAABgYTWf1Ru/O/7wtmnfxdbcfrmKeGZseaAw6WKZ1a77AQAAAAAAAAAAAAAlGeycw3u5ihhGxDOrq3VdNz9t4/XjetL1j7rStx9K1vWTPAAA7Pj4+Ni1/FXEckRcTt/1N1xdXa3r5ZXVerVeWcrvZ0dLy/VK63Ntnja3LY328YZ4MKqbP7bcWq9t1uflWe3jf6+5r1Hd30fH5qPDwAEgInZeje57RXrK1PWz0fW7HI4G+//Tx/7PfnT9OAUAAAAOX13XdZW+zvtkOubf67pTAMBc5Nf/8eMCarVarVarn766rZ7sbruIiM32Os17BsPxA8ARsxmfdN0FOiT/og0i4oWuOwEstKrrDnAo7j+4s16lfKv260Ea3z2fC7In/81qe728/qTpLOPnmMzr8bUV/XhuSn+en1MfFknOvzee/5Wd9lFa7qD5T8u1q3OMpuXfbOeJDvrTtZx/fzz/MYe9/8/LVvQm5l+qnP/gsfLvyx8AAAAAABZY/v//Ewt1/Hd00M2Z6VHHf9cO7V4BAAAAAAAA4HDdf3BnPV/3mo//f2HCcq7/fDrl/Cv5Fynn3xvL/6tjy/Vb8/fefpj/vx/cWf/jrX/9f57uN/+lPFOlR1aVHhFVuqdqkKZPsnWftTXsj5p7Gla9fnMPa7t//3psxNk9y/bSv0c9fDeubbef29Pe9HS43V73d9rP72kf7Lbn9S/saR+mM53qldx+Otbj53E93tlub9qWZmz/8oz2ekZ7zr9v/y9Szn/Q+mnyX03t1di0ce+j3mf2+/Z00v28de2Lvzl7+Jsz01b0d7etrdm+lzroz/a/ybFR/PLmxo3Tt6/eunXjXKTJnlvPR5p8znL+w/Sz+/z/8k57ft5v76/3Pho9dv6LYisGU/N/uTXfbO8rc+5bF3L+o/ST838ntU/e/49y/tP3/1c76A8AAAAAAAAAAAAAAAA8Sl3X25eIvhURF9P1P11dmwkAzFd+/a+TfPu86v6c70+tPuJ1tWD9mWv9ab1Y/VGrj2LdVk/2ZruIiL+112neM/x60h8DABbZpxHxz647QWfkX7D8fX/N9NSeb/kFnnY3P/jwp1evX9+4cbPrngAAAAAAAAAAB5XH/1xrjf98qq7ru2PL7Rn/9e1Ye9LxPwd5ZneA0SkDVX/OpyRt9Ub9Xmu48RejPT53e4Ti4e7co8b/Hsy4v+GM9tGM9qUZ7csz2ide6NGS83+xNd75qYg4OTb8egnjv46PeV+CnP9Lrcdzk/9XxpZr51///ijn39uT/5lb7//izM0PPnzt2vtX39t4b+NnF86dO3vh4sVLly6deffa9Y2zO7877PHhyvnnsa9z/pQh558zl39Zcv5fSrX8y5Lz/3Kq5V+WnH9+vyf/suT882cf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv6nUy3/suT8z6R6n/mvHHa/mI+cfz7CZf8vS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzfz3V8i9Lzv8bqZZ/WXL+F1Mt/7Lk/L+ZavmXJed/KdXyL0vO/1upln9Zcv7fTrX8y5LzfyPV8i9Lzv87qZZ/WXL+3021/MuS8/9equVflpz/m6mWf1kefv//os7kS+wXpT9mzJQw0/UzEwAAAAAAAAAAAAAwbh6nE3e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb27jZHjru8APvfoswOJgZA6qSEXx4SQOLmznfiBNsWEx4anEgiFPmC7vrM5cGzHZ5dAI9lRoETCqAjRNrxoCwi1kaoKq+IFrQDlBWpVqRK0L+gbRIWK1KgKKCBVaivIVTvz//9vd29u9863d96d+Xwk++fbnZ35z+x/5/Z35+8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS75Q2znxrKsqzxJ/9ra5a9qPHvzZNb89tee7VHCAAAAKzVL/K/n78u3XBoBQ9qWuYfX/mdry0sLCxk7x/547HPLyykOyazbGxTluX3RZd/+IGh5mWCJ7KJoeGmr4e7bH6ky/2jXe4f63L/eJf7N3W5f6LL/UsOwBKbi5/H5Cvbmf9za3FIs+uzsfy+nSWPemJo0/Bw/FlObih/zMLY8WwuO5nNZtMtyxfLDuXLf+OWxrbemsVtDTdta3tjhvz0sWNxDEPhGO9s2dbiOqMfvz6b/NlPHzv2l+eeu7Gsdj0MLesrxnn7jsY4PxFuKcY6lG1KxySOc7hpnNtLnpORlnEO5Y9r/Lt9nM+vcJwji8PcUO3P+UQ2nP/7u/lxGm3+sV46TtvDbf9za5ZlFxeH3b7Mkm1lw9mWlluGF5+fiWJGNtbRmEovzUZXNU9vWcE8bdSZna3ztP01EZ//W8LjRpcZQ/PT9OPHx5ue958vXMk8jRp7vdxrpX0O9vq10i9zMM6L7+Y7/WTpHNwZ9v+x25afg6Vzp2QOpv1umoM7us3B4fGRfMzpSRjKH7M4B3e3LD+Sb2kor8/e1nkOTp17+MzU/Mc+ftfcw0dPzJ6YPbV39+7pvfv2HThwYOr43MnZ6eLvKzza/W9LNpxeAzvCsYuvgVe3Lds8VRe+NL7k/Hulr8OJDq/DrW3L9vp1ONq+c0Mb84JcOqeL18Z7Gwd94tJwtsxrLH9+7lj76zDtd9PrcLTpdVj6PaXkdTi6gtdhY5kzd6zsPcto05+yMSz/vWBtc3Br0xxsfz/SPgd7/X6kX+bgRJgX379j+e8F28N4n9y12vcjI0vmYNrdcO5p3JLe708cyEvZvLypccc149n5+dmzdz969Ny5s7uzUDbEy5rmSvt83dK0T9mS+Tq86vl6aO6VT95UcvvWcKwm7mr8NbHsc9VY5p67Oz9X+Xe38uPZcuueLJQe2+jjWfbdvHE8x7PsC99+/MFvPvaFNyx7PBv95iem1v5ePPWlTeffsWXOv7Hvf6HYXlrVEyNjo8XrdyQdnbGW83HrUzWan7uG8m0/P7Wy8/FY+LPR5+PrO5yPt7Ut2+vz8Vj7zsXz8VC3n3asTfvzORHmycnpzufjxjLb9qx2To52PB/fGupQOP6vCZ1C6oua5s5y8zZta3R0LOzXaNxC6zzd27L8WOjNGtt6es+VzdPbby3WNZL2btFGzdPJtmV7PU/Tz76Wm6dD3X76dmXan8+JMC+u39t5njaWeeaetZ87N8d/Np07x7vNwbGR8caYx9IkzM/32cLmOAfvzo5lp7OT2Ux+73g+n4bybe26d2VzcDz82ehz5bYOc/D2tmV7PQfT97Hl5t7Q6NKd74H253MizIun7u08BxvLvHF/b9+73h5uScs0vXdt//nacj/zuqntMK3XXBkN4/z2/s4/m20sc/LAavvMzsfpznDLNSXHqf31u9xraibbmOO0LYzzuQPLH6fGeBrLfP7gCufToSzLLjxyf/7z3vD7lb89/72vtfzepex3Ohceuf8nLz7+D6sZPwCD74WibCm+1zX9Zmolv/8HAAAABkLs+4dDTfT/AAAAUBmx74//KzzR/wMAAEBlxL5/NNSkJv3/tjc+N/fChSwl8xeCeH86DA8Uy8WM63T4enJhUeP2+78y+99/f2Fl2x7OsuznD/xB6fLbHojjKkyGcV5+U+vtS3ztrhVt+8hDF9J2m/PrXwzrj/uz0mlQFsGdzrLsG9d9Jt/O5Acu5fWZB47k9cGLTz7RWOb5g8XX8fHPvqxY/s9C+PfQ8aMtj382HIcfhTr9tvLjER/31Uuv2b7/fYvbi48b2nFtvttPfbBYb/ycnM8+USwfj/Ny4//mp5/+amP5R19VPv4Lw+Xjfzqs9yuh/u8riuWbn4PG1/Fxnwzjb2yvMUPj4+7+8rdKx3/5U8XyZ95cLHck1Lj928PXO9/83Fzz8Xp06GjLfmVvKZaL25/+3h/l98f1xfW3j3/i8KWW49E+P57512I9U23Lx9vjdqK/a9t+Yz3N8zNu/+k/PNJynLtt//KDz76isd727d/ZttyZR+7It7+4vtZPbPrzT36mdHtxPIf+5kzL/hx6d3gdh+0/9cEwH8P9/3e5WF/7pysceXfr+Scu/8WtF1r2J3rrz4rtX37dibxumti85ZoXvfjaizc3jl2WfXdTsb5u2z/xF6dbxv+lG4rjEe+PGf327S8nbv/sR3edOj1/fm4mHdXHrss/O+ftxXjieK8L59b2rw+fPveh2bOT05PTWTZZ3Y/Qu2JfDvUnRbnYeemFJWfQOx4Kz+dNf/qNLbf9y6fj7f/23uL2S28rvm+9Oiz32XD71vD8rW77Sz11yw3563vomTDChaWfF7wW23f+14EVLRj2v/19QZzvZ17+ofw4NO7Lv2/E1/Uax/+DmWI9Xw/HdSF8MvOOGxa317x8/GyES+8pXu9rPn7hNBef178Kz/c7flSsP44r7u8PwvuYb21rPd/F+fH1C8Pt688/xeNiOJ9kF4v741LxeF96/obS4cXPIcku3ph//bm0nhtXtZvLmf/Y/NTJuVPnH506Nzt/bmr+Yx8//PDp86fOHc4/y/Pwh7s9fvH8tCU/P83M7rsny89Wp4uyzq72+M88dGxm//RtM7PHj54/fu6hM7NnTxybnz82OzN/29Hjx2c/2u3xczP37d5zcO/+PbtOzM3cd+Dgwb0Hd82dOt0YRjGoLvZNf2TXqbOH84fM33fPwd333nvP9K6HT8/M3rd/enrX+W6Pz7837Wo8+vd3nZ09efTc3MOzu+bnPj573+6D+/bt6fppgA+fOT4/OXX2/Kmp8/OzZ6eKfZk8l9/c+N7X7fFU0/y/F+9n2w0VH8SXvevOfenzWRu+8viyqyoWafsA0efCZ9H800vOHFjJ17HvHws1qUn/DwAAAHUQ+/7xUBP9PwAAAFRG7Ps3hZro/wEAAKAyYt8/EWpSk/6/cvn/bRdWtH35/8HL/2fy//L/bftzxfn/9/Rb/r84X8j/98Za8/fy/4H8v/y//L/8v/w/PdBv+f/Y92/Oslr2/wAAAFAHse/fEmqi/wcAAIDKiH3/NaEm+n8AAACojNj3vyjUpCb9v/y//L/8v/y//H/59leR/9+UrYD8/8aQ/++s5vn/4a4DkP+fyuqV/7/Yy/HXN/9f9FDy/5Tpt/x/7PtfHGpSk/4fAAAAKuU/y2+Off+1oSb6fwAAAKiM2PdfF2qi/wcAAIDKiH3/1lCTmvT/8v/y//L/8v/y/+Xbd/3/wST/31nN8//dyf+7/r/8v+v/01P9lv+Pff9LQk1q0v8DAABAHcS+/6WhJvp/AAAA6D+jV/aw2Pe/LNRkSf9/hRsAAAAArrrY91+ftQXBa/L7f/l/+X/5f/l/+f/y7a88/z+Syf/3D/n/zuT/u5D/l/+X/5f/p6f6Lf+f9/3ZRPbyUJOa9P8AAABQB7HvvyHURP8PAAAAlRH7/l8KNdH/AwAAQGXEvn9bqElN+n/5/0rm/xtPk/y//P+y269A/j8/WfdP/n9dr/8/GwKb8v8rJP/fmfx/F/L/8v/y//L/9FS/5f9j339jqElN+n8AAACog9j33xRqov8HAACAyoh9/y+Hmuj/AQAAoDJi37891KQm/b/8f5/n/2Ny1PX/5f8X8/+PyP8XapL/d/3/VZL/70z+vwv5f/l/+X/5f3qq3/L/se9/RahJTfp/AAAAqIPY978y1ET/DwAAAJUR+/6bQ030/wAAAFAZse+fDDWpSf8v/9/n+f8ru/6//H+18/+ruv7/zfL/8v81I//fmfx/F/L/8v/y//L/9FS/5f9j339LqElN+n8AAACog9j37wg10f8DAABAZcS+/9ZQE/0/AAAAVEbs+3eGmtSk/5f/l/+X/692/r9s+/L/8v9VJv/fmfx/F/L/8v/y//L/9FS/5f9j3/+qUJOa9P8AAABQB7Hvvy3URP8PAAAAlRH7/leHmuj/AQAAoDJi3397qElN+n/5f/l/+X/5/5rn/y/I/1eL/H9n8v9dyP/3Ij//Dvl/+X/5f6J+y//Hvv81oSY16f8BAACgDmLff0eoif4fAAAAKiP2/XeGmuj/AQAAoDJi378r1KQm/b/8v/y//L/8f83z/67/XzF9kP+fWMv25f/l/yuQ/3f9f/l/+X+Sq5X/z7Ly/H/s++8KNalJ/w8AAAB1EPv+u0NN9P8AAAAwgDaX3hr7/qlQE/0/AAAAVEbs+6dDTWrS/8v/y//L/9c6/39x1fn/mxfXK/9fkP/vL+uW/x/OXP9f/l/+v4tBy/+3/3awP/L/Y/L/VMoV5f+/Wrqqnlz/P/b9u0NNatL/AwAAQB3Evn9PqIn+HwAAACoj9v17Q030/wAAAFAZse+/J9SkJv2//P/G5f9HM/l/+f++y/+7/r/8f+X0wfX/17T9wcv/x12U/5f/H7z8f6/H7/r/8v8sdUX5/3I9yf/Hvv/eUJOa9P8AAABQB7Hv3xdqov8HAACAyoh9//5QE/0/AAAAVEbs+w+EmtSk/5f/d/1/+X/5f/n/8u3L/w8m+f/OXP+/C/l/+X/5f/l/eqrf8v+x7z8YalKT/h8AAADqIPb9rw010f8DAABAZcS+/1dCTfT/AAAAUBmx7//VUJOa9P/y//L/8v/y//L/5duX/x9M8v+dyf93If8v/y//L/9PT/Vb/j/2/feFmtSk/wcAAIA6iH3/r4Wa6P8BAACgMmLf/7pQE/0/AAAAVEbs+w+FmtSk/5f/X2H+f3Pn9cn/t45f/r98fsj/y//L/68/+f/O5P+7kP+X/69g/v9x+X+uon7L/8e+//WhJjXp/wEAAKAOYt9/f6iJ/h8AAAAqI/b9bwg10f8DAABAZcS+/42hJjXp/+X/Xf9f/l/+X/6/fPvy/4NJ/r8z+f8u5P/l/yuY/9+A6/+Phyr/zxIrzf/H91Xrnf+Pff+bQk1q0v8DAABAHcS+/82hJvp/AAAAqIzY978l1ET/DwAAAJUR+/63hprUpP+X/5f/l/+X/5f/L9++/P9gkv/vTP6/C/l/+f8Byf9/r+TxVzH/n3P9f8r02/X/Y9//66EmNen/AQAAoA5i3/9AqIn+HwAAACoj9v1vCzXR/wMAAEBlxL7/7aEmNen/e5f/H5f/byP/L//fPj/k/+X/5f/Xn/x/ZwOW///FteF2+f+C/P86jX/yc8WBH6D8f5nS/P8Pl8v/L2xqf7z8P+uh3/L/se9/R6hJTfp/AAAAqIPY978z1ET/DwAAAJUR+/53hZro/wEAAGDwLRTxgdj3/0aoSU36f9f/b4xjMb28zvn/v5b/l/+X/5f/l/9fX/L/nQ1Y/t/1/9vI//f3+Psy/+/6/1xl/Zb/j33/u0NNatL/AwAAQB3Evv/BUBP9PwAAAFRG7PvfE2qi/wcAAIDKiH3/e0NNatL/y/+7/r/8/4Dn/yezLJP/l/8nkf/vTP6/C/l/+f9+y///h/w/g63f8v+x738o1KQm/T8AAADUQez73xdqov8HAACAyoh9/2+Gmuj/AQAAoDJi3//+UJOa9P/y/4OS/5+U/5f/d/3/tv2R/5f/LyP/39nG5/9X94ZK/l/+f5DH7/r/8v8s1W/5/9j3fyDUZOXfriZWvCQAAABwVcS+/7dCTWry+38AAACog9j3/3aoif4fAAAAKiP2/b8TalKT/l/+f1Dy/67/n8n/y/+37Y/8v/x/mY3L/8czj/y/6//L/0fy//L/8v+067f8f+z7fzfUpCb9PwAAANRB7Ps/GGqi/wcAAICBUPZ/stvFvv9wqEn3/n/V/6cPAAAAuDpi338k1KQmv/+X/5f/l//v0/z/n+z45+9/551Hdsv/y//L/6/Khl7/v/Hid/1/+X/5/0T+X/6/NP+/Sf6/ztYh/z/WfONq8/+x7z8aalKT/h8AAADqIPb9vxdqov8HAACAyoh9/7FQE/0/AAAAVEbs+2dCTWrS/8v/y//L//dp/n+V1/8fCtvph/x/PB7y/616lv+PJ135/1Ibmv9/32JOXP5/tfn/8dJb5f9XnP/P37jJ//fX+OX/Xf+fpXqV/x9ZzP+3WG3+P/b9s6EmNen/AQAAoA5C3z98vKiLd+j/AQAAoDJi338i1ET/DwAAAJUR+/4PhZrUpP+X/5f/l/+vRv7f9f8Xl698/t/1/zuS/++sf/L/5eT/Xf9/kMcv/y//z1LrcP3/FqvN/8e+fy7UpCb9PwAAANRB7Ps/HGqi/wcAAIDKiH3/R0JN9P8AAABQGbHvPxlq8v/s3dmT5fVZx/HT2FPMFBeWVVZ54YXcW/4FXMC1/gFeeOONVZRV4gLuC4P7ivuGC7ivuIAibriCCmpCQvaQlSRkTwhJCElqUsw8zzOnu0//Tvf06enf+T6v10UeGTM5nXGcySfDu75N9r/+X/+v/9f/6/9Xf/7l/n/36r+u/n876P+n6f/X0P/r//X/+n82am79f+7+b4pbmux/AAAA6CB3/x1xi/0PAAAAw8jd/81xi/0PAAAAw8jd/y1xS5P9r//X/w/b/9+q/z/s8/X/3v8fmf5/mv5/jS3q/7/0vP5/bl+//l//z0Fz6/9z939r3NJk/wMAAEAHufu/LW6x/wEAAGAYufvvjFvsfwAAABhG7v674pYm+39f/7+z6Nn/Z8ar/x+p//f+/6Gfr//X/4/s+vb/97zyK5/+X//v/f+g/9f/6//Zb279f+7+b49bmux/AAAA6CB3/3fELfY/AAAADCN3/3fGLfY/AAAADCN3/3fFLU32/8ne/98dpf8vG+j/d7JF1//r//f//ND/6//1/6fP+//TOvX/dz5z0x0vPPLljx7n8/X/+n/9v/6fzZpb/5+7/7vjlib7HwAAADrI3f89cYv9DwAAAMPI3f+9cYv9DwAAAEN4/qsWtfu/L25psv9P1v8P8/5/8f6//v/yN+j/9f/6/62l/5/Wqf+/ls/X/+v/r+Hrr98G9f/6fw6aW/+fu//745Ym+x8AAAA6yN3/A3GL/Q8AAADDyN1/d9xi/wMAAMAwcvdfjFua7H/9/+n3/5/X/299/39uof+/Qv+v/58//f80/f8a+n/9v/f/9f9s1Nz6/9z998QtTfY/AAAAdJC7/wfjFvsfAAAAhpG7/4fiFvsfAAAAhpG7/4fjlib7X//v/X/9v/f/9f+rP1//v530/9P0/2vo/0/az5/T/+v/9f8sO2b///LEL9sb6f9z9/9I3NJk/wMAAEAHuft/NG6x/wEAAGAYuft/LG6x/wEAAGAYuft/PG5psv/1//p//b/+X/+/+vP1/9tJ/z9tNv3/zu7Kb9b/b33/7/1//b/+nz3m9v5/7v6fiFua7H8AAADoIHf/T8Yt9j8AAAAMI3f/T8Ut9j8AAAAMI3f/T8ctTfa//l//r//X/+v/V3/+VP//6NLXp/+fl432/zv6f+//6//1//p//T8nMbf+P3f/z8QtTfY/AAAAdJC7/964xf4HAACAYeTu/9m4ZWn/7/97UQEAAIDtkrv/5+KWJn/+v7r/v/q/1/8fzXXq/3f1//r/K//3vvKvqP+f7P9v8/5/T97/n7a+/89fUfX/+n/9/0b6/8XOKP3/hXXfX//PKnPr/3P3/3zc0mT/AwAAQAe5+38hbrH/AQAAYBi5+38xbrH/AQAAYBi5+38pbmmy/73/v1X9v/f/e/X/D5zz/v9lc3z/f3Hd+/9d/f8R6f+nef9/Df2//t/7/97/Z6Pm1v/n7v/luKXJ/gcAAIAOcvf/Stxi/wMAAMB2WP57Bw55xD93/6/GLfY/AAAADCN3/6/FLU32/+D9/62H/dP0//r/5R+vmfb/h77/r/+/olf/7/3/o9L/T9P/r6H/P41+fnew/v/+w77/HPr/u/X/zMye/v+xq99+Vv1/7v5fj1ua7H8AAADoIHf/fXGL/Q8AAADDyN3/G3GL/Q8AAADDyN3/m3FLk/1/6v3/hcM/2/v/+n/9v/5f/6//3zT9/zT9/xr7+/9X/qOh/t/7/97/1/9zzfb0/0vOqv/P3f9bcUuT/Q8AAAAd5O7/7bjF/gcAAIBh5O6/P26x/wEAAGAYufsfiFua7P/B3/8/lP5f/7/846X/1/+v+nz9/3bS/0/T/6/h/X/9/1n0//ETQP/PiObW/+fu/524pcn+BwAAgA5y9/9u3GL/AwAAwDBy9/9e3GL/AwAAwDBy9/9+3NJk/+v/T7f/z2/X/+v/F/p//b/+/7po2//vrPqd6KBD+v+nbr/4NXu/Rf+v/x+y/3/uVL9+7//r/zloFv3/pav/6TJ3/x/ELU32PwAAAHSQu/8P4xb7HwAAAIaRu/+P4hb7HwAAAIaRu/+P45Ym+3+p/8/kQv/v/X/9v/5f/6//31pt+/8j8v7/tJfi36/+f9T+/3S/fv2//p+DZtH/L/117v4/iVua7H8AAADoIHf/n8Yt9j8AAAAMI3f/n8Ut9j8AAAAMI3f/n8ctTfa/9/979P83LvT/+n/9v/6/B/3/NP3/Gt7/1//r//X/bNTc+v/c/Q/GLU32PwAAAHSQu/8v4hb7HwAAAIaRu/8v4xb7HwAAAIaRu/+v4pYm+1//f0j/vxir//f+v/5/of/X/zeh/5921v3/qt8vl12X/v+hiS9gVf9/6Ub9/5b3/+eP+P31//p/Nm9u/X/u/r+OW5rsfwAAAOggd/9DcYv9DwAAAMPI3f9w3GL/AwAAwDBy9/9N3NJk/+v/e7z/r//X/y/0//r/JvT/01b3/zcc/Cbv/3v/f6D+3/v/+n/Oztz6/9z9fxu3NNn/AAAA0EHu/kfiFvsfAAAAhpG7/+/iFvsfAAAAhpG7/9G4pcn+1//r//X/+n/9/+rP1/9vp9Pr/xcD9/8r6P/1//p//b/+nw2YW/+fu//v45Ym+x8AAAA6yN3/D3GL/Q8AAADDyN3/j3GL/Q8AAADDyN3/T3FLk/1/Vv3/bfp//b/+X/+v/68fVf3/5nj/f5r+fw39v/5f/6//Z6Pm1v/n7v/nuKXJ/gcAAIAOcvc/FrfY/wAAADCM3P3/ErfY/wAAADCM3P3/Grc02f/e/9f/7+3/F4uZ9//5/6T6f/3/CP3/+YX+f+P0/9P0/2vo/8fs/29YDNT/Xzj0++v/maO59f+5+/8tbmmy/wEAAKCD3P3/HrfY/wAAADCM3P3/EbfY/wAAADCM3P3/Gbc02f/6f/2/9//H6f8ff3H1z0f9/2z7//pR1f9vjv5/mv5/Df3/mP2/9//1/5yZufX/ufsfj1ua7H8AAADoIHf/E/v/DNX+BwAAgGE8cfkfzy/+K26x/wEAAGAYufv/O25psv/1//p//f84/b/3/6/Q//d2Rv3/zqY+X/+v/9f/b+/Xr//X/3PQ3Pr/3P3/E7c02f8AAADQQe7+J+MW+x8AAACGkbv/qbjF/gcAAIBh5O7/37ilyf7X/+v/9f/b2f+f1/8P3//nV6b/P565vP9/yy1f/bT+X/+v/9f/6//1/93Nrf/P3f9/cUuT/Q8AAAAd5O7//7jF/gcAAIBh5O5/Vdxi/wMAAMAwcve/Om5psv8P9v/nFlcK1StW9f/RqOn/l+j/9379+v/VPz+8/6//9/7/6ZtL/+/9/2v7+ufW/9+l/9f/n1b/f/PB76//Z0Rz6/9z9z8dtzTZ/wAAANBB7v7XxC32PwAAAMzYqr8T+3C5+18bt9j/AAAAMIzc/c/ELU32v/f/9f/6f/2//n/156/r/5P+f170/9P0/2t4/1//3+j9//j9r36dqv7/i/T/bM7c+v/c/a+LW5rsfwAAAOggd//r4xb7HwAAAIaRu/8NcYv9DwAAAMPI3f/GuKXJ/tf/b7T/313+Nv2//n/fzw/9/2D9v/f/50n/P03/v4b+X//fqP/fz/v/nIa59f+5+98UtzTZ/wAAANBB7v43xy1H2v8XTumrAgAAADYpd/9b4hZ//g8AAADDyN3/1rilyf6fa/9/93b2/3vo/+fS/3+9/n/f5+v/9f8j0//n7+ir6f/X0P8ft59/afkv9P/6f/0/+82t/8/d/2zc0mT/AwAAQAe5+98Wt9j/AAAAMIzc/W+PW+x/AAAAGEbu/nfELU32/1z7/y19/3+POfb/O4uO/b/3/y//9c6O/l//34L+f5r+f43N9v/3NOj/99D/6//1/+w3t/4/d/8745Ym+x8AAAC21dd+5Tc+e9R/bu7+d8Ut9j8AAAAMI3f/u+MW+x8AAACGkbv/ubilyf7X//fq/3u+/6//9/6//r8T/f80/f8a3v/X/+v/9f9s1Nz6/9z974lblobf7rH/XQIAAABzkrv/vXFLkz//BwAAgA5y978vbjmw/y8d8e9qBwAAAOYmd//zcUuTP/8/cf+/2NH/n2b/v9D/6//1//p//f9x6P+nnbD/v7Sj/9f/T9D/6//1/yy7MMP+P3f/++OWJvsfAAAABrXnv1HI3f+BuMX+BwAAgGHk7v9g3GL/AwAAwDBy938obmmy/73/P/P+/5re/79Q/5P+v3n/f+/5lZ+v/9f/j0z/f6gvidvp/f9LX6z/P5az7ue3/evX/+v/OWhu/X/u/g/HLU32PwAAAHSQu/8jcYv9DwAAAMPI3f/RuMX+BwAAgGHk7v9Y3NJk/+v/R+z/vf+v/5/+/HH6/y+76eKTX/cNDz+o/+eq69n/58+FLen/Lzvh+//b1v8f5/Pvu/yP+n/9v/7/2P3/zXH1/6wyt/4/d//H45Ym+x8AAAA6yN3/Qtxi/wMAAMAwcvd/Im6x/wEAAGAYuftfjFua7P+t6v+/Qv8/cv+fP9Zn0P9f3L7+P5vi7v2/9//1/wd5/3+a/n8N/b/+X//v/X82am79f+7+T8YtTfY/AAAAdJC7/1Nxi/0PAAAAw8jd/+m4xf4HAACAYeTufyluabL/t6r/9/7/0P1/upb+Pz/f+//6/4X+vz39/5Ldg9+k/19D/6//1//r/9moufX/ufs/E7c02f8AAADQQe7+l+MW+x8AAACGkbv/s3GL/Q8AAADDyN3/ubilyf7X/+v/R+j/T/j+/9n0/6/8cqP/1//r/zdO/z9N/7+G/l//377/v13/z0bNrf/P3f+FAAAA//9/pV3V")
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

6.098439647s ago: executing program 0 (id=393):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"})
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)

5.754888826s ago: executing program 2 (id=394):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x49, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001005031490100aa444df1d52495382b940000000000000a01010000000000000000010000000900010073797a300000000048000000030a01010000000000000000010000000900010073797a30000000000900030073797a3100000000080007006e617400140004800800014000000000080701000000000000000000020a030600000000000000000007000014000000000000000000"], 0xa4}}, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}})
io_uring_enter(r1, 0x5b43, 0x0, 0x0, 0x0, 0x0)

5.656884973s ago: executing program 3 (id=395):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000c40), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5)
ioctl$TCFLSH(r0, 0x8925, 0x20001100)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143041, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r1 = inotify_init1(0x0)
fcntl$getownex(r1, 0x10, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0x40086610, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0xf6, &(0x7f0000001000)=""/246, 0x41100, 0x11, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000b00)={0x8}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4b1}, 0x90)
ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x15, 0x3, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xc}, 0x8}, 0x90)

5.024442735s ago: executing program 1 (id=398):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
r3 = dup(r2)
ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2)

4.927642613s ago: executing program 1 (id=399):
creat(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, 0x0)
syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000300)=ANY=[@ANYBLOB="d0000000080211000000080211000001ffffffffffff0000030000000000000000d8aae09a2ac0054ecc14f00a16a0cac2207b63f71fc3d345c4f51147a94e2c8b9d43985263fef7478d9ef262af9897a56a9e07868661"], 0x21)
socket(0x18, 0x0, 0x0)
connect$llc(r3, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x10)
sendto$llc(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200048e0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000100)={'ip6gre0\x00', 0x4e})
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x0, [0x2]})

4.727635419s ago: executing program 2 (id=400):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x0, 0x84)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x26e1, 0x0)
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500), &(0x7f0000001400), 0x1006, r1}, 0x38)

3.480313852s ago: executing program 3 (id=401):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0)

3.002454631s ago: executing program 4 (id=402):
creat(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, 0x0)
syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000300)=ANY=[@ANYBLOB="d0000000080211000000080211000001ffffffffffff0000030000000000000000d8aae09a2ac0054ecc14f00a16a0cac2207b63f71fc3d345c4f51147a94e2c8b9d43985263fef7478d9ef262af9897a56a9e07868661"], 0x21)
socket(0x18, 0x0, 0x0)
connect$llc(r3, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x10)
sendto$llc(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200048e0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000100)={'ip6gre0\x00', 0x4e})
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x0, [0x2]})

2.892717295s ago: executing program 1 (id=403):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x6)
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2)

2.86723594s ago: executing program 2 (id=404):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"})
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0)

2.799737523s ago: executing program 1 (id=405):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = fanotify_init(0x0, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

1.076017964s ago: executing program 0 (id=406):
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',max_read=0x0'])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

1.071983671s ago: executing program 4 (id=407):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080))
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x1)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x4000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000380)=0x10)

591.117305ms ago: executing program 1 (id=408):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0)

0s ago: executing program 1 (id=409):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
r3 = dup(r2)
ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2)

kernel console output (not intermixed with test programs):

ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  135.896921][ T5279] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  135.908486][ T6030] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  136.014916][ T6030] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  136.094413][ T6030] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  136.098950][ T5922] chnl_net:caif_netlink_parms(): no params data found
[  136.796687][ T5238] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  136.998586][ T5225] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  137.014290][ T5238] usb 2-1: Using ep0 maxpacket: 16
[  137.026960][ T5238] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.094247][ T5238] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.164282][ T5238] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  137.197589][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.224323][ T5238] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  137.226605][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.234092][ T5238] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.295301][ T5922] bridge_slave_0: entered allmulticast mode
[  137.328527][ T5922] bridge_slave_0: entered promiscuous mode
[  137.353830][ T5238] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  137.379303][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.397950][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.416947][ T5238] usb 2-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  137.424551][ T5922] bridge_slave_1: entered allmulticast mode
[  137.443249][ T5922] bridge_slave_1: entered promiscuous mode
[  137.464565][ T5238] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.492864][ T5238] usb 2-1: Product: syz
[  137.504418][ T5238] usb 2-1: Manufacturer: syz
[  137.519325][ T5238] usb 2-1: SerialNumber: syz
[  137.607592][ T5922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  137.651585][ T5922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  137.773916][ T6069] loop2: detected capacity change from 0 to 4096
[  137.805853][ T6069] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  137.883267][ T6069] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  137.889118][ T5922] team0: Port device team_slave_0 added
[  137.922331][ T5922] team0: Port device team_slave_1 added
[  138.131863][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.158085][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.230032][ T5922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.267920][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.276390][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  138.291804][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  138.297325][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.336701][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  138.361634][ T5922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.374080][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  138.390204][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  138.395151][ T6086] loop3: detected capacity change from 0 to 2048
[  138.415182][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  138.457965][ T2499] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.500391][ T6086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.515136][ T6082] mkiss: ax0: crc mode is auto.
[  138.693764][ T2499] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.769312][ T5922] hsr_slave_0: entered promiscuous mode
[  138.785363][ T5922] hsr_slave_1: entered promiscuous mode
[  138.909218][ T5238] cdc_ncm 2-1:1.0: bind() failure
[  138.918431][ T5238] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  138.927133][ T5238] cdc_ncm 2-1:1.1: bind() failure
[  138.936203][ T5922] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  138.947402][ T5238] usb 2-1: USB disconnect, device number 4
[  138.956746][ T5922] Cannot create hsr debugfs directory
[  138.963655][ T5225] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.052808][ T2499] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.063965][ T5282] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  139.102219][ T6095] loop1: detected capacity change from 0 to 256
[  139.239718][ T2499] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.288423][ T5282] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  139.304147][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.321545][ T5282] usb 3-1: Product: syz
[  139.338306][ T5282] usb 3-1: Manufacturer: syz
[  139.351630][ T5282] usb 3-1: SerialNumber: syz
[  139.369087][ T5282] usb 3-1: config 0 descriptor??
[  139.735200][ T5283] usb 3-1: USB disconnect, device number 3
[  139.877638][ T2499] bridge_slave_1: left allmulticast mode
[  139.883383][ T2499] bridge_slave_1: left promiscuous mode
[  139.935332][ T2499] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.005355][ T2499] bridge_slave_0: left allmulticast mode
[  140.011045][ T2499] bridge_slave_0: left promiscuous mode
[  140.071351][ T2499] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.178838][ T6094] loop3: detected capacity change from 0 to 32768
[  140.230591][ T6094] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  140.474905][ T5235] Bluetooth: hci2: command tx timeout
[  141.550232][ T6120] netlink: 'syz.3.152': attribute type 10 has an invalid length.
[  141.559111][ T6120] netlink: 148 bytes leftover after parsing attributes in process `syz.3.152'.
[  141.764813][ T2499] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.794326][ T2499] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.818157][ T2499] bond0 (unregistering): Released all slaves
[  142.270966][ T5282] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[  142.552514][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  142.560115][ T5235] Bluetooth: hci2: command tx timeout
[  142.594240][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  142.608779][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  142.623382][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  142.640852][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  142.681872][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  142.706856][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  142.733852][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  142.780286][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  142.802895][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  142.850521][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  142.880963][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  142.940915][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  142.971053][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  142.987984][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  143.100137][ T5282] usb 3-1: string descriptor 0 read error: -22
[  143.122482][ T5282] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  143.151084][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.160187][ T2499] hsr_slave_0: left promiscuous mode
[  143.202769][ T5282] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  143.210652][ T2499] hsr_slave_1: left promiscuous mode
[  143.245475][ T2499] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.275850][ T2499] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.305769][ T2499] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.313185][ T2499] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.399586][ T2499] veth1_macvtap: left promiscuous mode
[  143.414713][ T2499] veth0_macvtap: left promiscuous mode
[  143.431488][ T2499] veth1_vlan: left promiscuous mode
[  143.443068][ T5283] usb 3-1: USB disconnect, device number 4
[  143.443145][ T2499] veth0_vlan: left promiscuous mode
[  143.980942][ T6133] loop1: detected capacity change from 0 to 32768
[  144.014906][ T6133] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  144.222267][ T6133] XFS (loop1): Ending clean mount
[  144.233826][ T6140] loop3: detected capacity change from 0 to 4096
[  144.257530][ T6140] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  144.259883][ T5279] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  144.285399][ T5279] XFS (loop1): Unmount and run xfs_repair
[  144.298119][ T5279] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  144.326842][ T5279] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  144.348503][ T5279] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  144.392464][ T5279] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  144.405287][ T5279] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  144.410032][ T6140] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  144.414962][ T5279] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  144.432591][ T5279] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  144.442018][ T5279] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  144.467885][ T5279] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  144.477334][ T6133] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  144.494496][ T6133] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  144.512008][ T6133] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  144.634712][ T5235] Bluetooth: hci2: command tx timeout
[  144.738115][ T2499] team0 (unregistering): Port device team_slave_1 removed
[  144.792741][ T2499] team0 (unregistering): Port device team_slave_0 removed
[  144.851550][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  145.308266][ T6156] loop2: detected capacity change from 0 to 256
[  146.033535][ T6161] loop1: detected capacity change from 0 to 2048
[  146.137899][ T6161] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.205700][ T6168] netlink: 'syz.2.161': attribute type 10 has an invalid length.
[  146.213556][ T6168] netlink: 148 bytes leftover after parsing attributes in process `syz.2.161'.
[  146.352373][ T6158] Falling back ldisc for ptm0.
[  146.435012][ T6084] chnl_net:caif_netlink_parms(): no params data found
[  146.448159][ T5223] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.754707][ T5235] Bluetooth: hci2: command tx timeout
[  147.492448][ T6084] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.535650][ T6084] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.542884][ T6084] bridge_slave_0: entered allmulticast mode
[  147.599992][ T6084] bridge_slave_0: entered promiscuous mode
[  147.636961][ T6084] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.681782][ T6084] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.694424][ T6084] bridge_slave_1: entered allmulticast mode
[  147.705772][ T6084] bridge_slave_1: entered promiscuous mode
[  147.751247][ T6170] loop3: detected capacity change from 0 to 32768
[  147.767119][ T6170] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  147.913719][ T6084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  147.975665][ T6084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.051571][ T6084] team0: Port device team_slave_0 added
[  148.091415][ T6084] team0: Port device team_slave_1 added
[  148.226358][ T6186] loop2: detected capacity change from 0 to 4096
[  148.270940][ T6186] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  148.669586][ T6084] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.689775][ T6084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.751548][ T6084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.796022][ T6084] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.823411][ T6084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.880586][ T6084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.912843][ T5922] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  148.950251][ T6186] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  148.950908][ T6184] loop1: detected capacity change from 0 to 32768
[  149.018080][ T5922] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  149.034071][ T6184] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  149.112609][ T6184] XFS (loop1): Ending clean mount
[  149.122306][ T5922] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  149.152582][ T5281] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  149.169529][ T6084] hsr_slave_0: entered promiscuous mode
[  149.175579][ T5281] XFS (loop1): Unmount and run xfs_repair
[  149.181332][ T5281] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  149.189415][ T5281] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  149.199873][ T5281] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  149.208833][ T5281] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  149.221785][ T5281] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  149.253196][ T5281] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  149.274973][ T6084] hsr_slave_1: entered promiscuous mode
[  149.286184][ T5281] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  149.307923][ T5281] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  149.317368][ T5281] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  149.326651][ T6084] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.335466][ T6184] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  149.346766][ T6084] Cannot create hsr debugfs directory
[  149.357062][ T5922] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  149.377918][ T6184] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  149.468403][ T6184] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  149.526210][ T5238] usb 4-1: new low-speed USB device number 5 using dummy_hcd
[  149.704985][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  149.767058][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  149.799672][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  149.847293][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  149.885250][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  149.946508][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  150.014300][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  150.021773][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  150.076102][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  150.122628][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  150.168661][ T5922] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.187049][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  150.239492][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  150.267649][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  150.322046][ T5922] 8021q: adding VLAN 0 to HW filter on device team0
[  150.329626][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  150.384329][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  150.432420][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.434342][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  150.439676][ T5283] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.518236][ T5238] usb 4-1: string descriptor 0 read error: -22
[  150.530576][ T5238] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  150.561613][ T5238] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.640541][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.647698][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.667728][ T5238] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  150.935883][ T6225] loop1: detected capacity change from 0 to 256
[  150.951058][ T5283] usb 4-1: USB disconnect, device number 5
[  150.991584][ T6084] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  151.066071][ T6084] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  151.124549][ T6084] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  151.161006][ T6084] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  151.576063][ T6084] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.647519][ T5922] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.735951][ T6238] netlink: 'syz.1.171': attribute type 10 has an invalid length.
[  151.763534][ T6238] netlink: 148 bytes leftover after parsing attributes in process `syz.1.171'.
[  151.815415][ T6084] 8021q: adding VLAN 0 to HW filter on device team0
[  151.886826][ T5282] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.894015][ T5282] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.952063][ T5282] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.959279][ T5282] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.130834][ T6242] mkiss: ax0: crc mode is auto.
[  152.143290][ T6244] loop1: detected capacity change from 0 to 2048
[  152.219106][ T6244] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.728617][ T5223] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.639390][ T5922] veth0_vlan: entered promiscuous mode
[  153.669883][ T6084] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.740285][ T5922] veth1_vlan: entered promiscuous mode
[  153.842183][ T6084] veth0_vlan: entered promiscuous mode
[  153.889160][ T5922] veth0_macvtap: entered promiscuous mode
[  153.922547][ T6084] veth1_vlan: entered promiscuous mode
[  153.949522][ T5922] veth1_macvtap: entered promiscuous mode
[  154.008016][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.041811][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.072104][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.099018][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.119370][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.140209][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.162299][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_0
[  154.210631][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  154.243684][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.275617][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  154.289092][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.299426][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  154.310375][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.332898][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_1
[  154.389892][ T5922] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.414914][ T5922] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.446729][ T5922] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.468272][ T5922] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.508751][ T6084] veth0_macvtap: entered promiscuous mode
[  154.570385][ T6084] veth1_macvtap: entered promiscuous mode
[  154.700298][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.734233][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.744128][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.764251][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.768666][ T6273] loop3: detected capacity change from 0 to 32768
[  154.775628][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  154.810937][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  154.830223][ T6273] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  154.853405][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.000326][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.066039][ T6084] batman_adv: batadv0: Interface activated: batadv_slave_0
[  155.119230][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.140415][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.164211][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.199074][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.521964][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.533893][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.567922][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.645813][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.693202][ T6084] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.802265][    C1] eth0: bad gso: type: 1, size: 1408
[  155.859580][ T6084] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.911213][ T6084] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.963680][ T6084] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.985677][ T6084] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  156.043536][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.087163][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.228732][ T6312] loop3: detected capacity change from 0 to 256
[  156.258155][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.284746][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.454143][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.462184][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.577343][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.613651][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.108027][ T6324] loop4: detected capacity change from 0 to 1764
[  157.124645][ T6327] netlink: 'syz.3.180': attribute type 10 has an invalid length.
[  157.145178][ T6324] iso9660: Unknown parameter 'oession'
[  157.160996][ T6327] netlink: 144 bytes leftover after parsing attributes in process `syz.3.180'.
[  157.306481][ T6333] loop4: detected capacity change from 0 to 512
[  157.442701][ T6333] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.117: corrupted in-inode xattr: invalid ea_ino
[  157.458531][ T6333] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.117: couldn't read orphan inode 15 (err -117)
[  157.475081][ T6333] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.534397][   T46] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  157.816344][   T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  157.825280][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  157.840151][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  157.850836][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  157.863083][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  157.987194][   T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  157.994824][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  158.007944][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  158.063714][ T6340] mkiss: ax0: crc mode is auto.
[  158.092870][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  158.148711][ T6347] loop2: detected capacity change from 0 to 2048
[  158.158374][ T6341] loop3: detected capacity change from 0 to 4096
[  158.174270][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  158.203324][ T6341] NILFS (loop3): invalid segment: Checksum error in segment payload
[  158.220419][   T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  158.231850][ T6341] NILFS (loop3): trying rollback from an earlier position
[  158.240734][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  158.284329][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  158.309734][ T6347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.335309][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  158.347852][   T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  158.350360][ T6341] NILFS (loop3): recovery complete
[  158.393586][   T46] usb 2-1: string descriptor 0 read error: -22
[  158.399889][ T5922] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  158.465953][   T46] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  158.476642][ T6353] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  158.514862][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.588658][   T46] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  158.680773][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.708414][ T6341] loop3: detected capacity change from 4096 to 0
[  158.740569][    C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  158.752002][ T6360] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  158.844516][ T5283] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  159.804791][ T5226] usb 2-1: USB disconnect, device number 5
[  159.817496][ T5283] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  159.832424][ T6353] segctord: attempt to access beyond end of device
[  159.832424][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  159.866727][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.911311][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  159.915388][ T5283] usb 1-1: Product: syz
[  159.953840][ T6353] segctord: attempt to access beyond end of device
[  159.953840][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  159.960579][ T5283] usb 1-1: Manufacturer: syz
[  159.974635][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  160.019064][ T5283] usb 1-1: SerialNumber: syz
[  160.034363][ T6353] segctord: attempt to access beyond end of device
[  160.034363][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  160.052327][ T5283] usb 1-1: config 0 descriptor??
[  160.134250][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  160.175136][ T5225] syz-executor: attempt to access beyond end of device
[  160.175136][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  160.194545][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  160.203272][ T5225] syz-executor: attempt to access beyond end of device
[  160.203272][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  160.281434][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  160.308163][ T5225] syz-executor: attempt to access beyond end of device
[  160.308163][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  160.371404][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  160.385501][ T6378] loop1: detected capacity change from 0 to 256
[  160.448380][ T5225] syz-executor: attempt to access beyond end of device
[  160.448380][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  160.511885][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  161.224310][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  161.253770][ T5225] syz-executor: attempt to access beyond end of device
[  161.253770][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0
[  161.277315][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[  161.295696][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  161.323458][ T5225] syz-executor: attempt to access beyond end of device
[  161.323458][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0
[  161.338372][ T5226] usb 1-1: USB disconnect, device number 2
[  161.384643][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write
[  161.409877][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  162.234605][ T6370] loop2: detected capacity change from 0 to 32768
[  162.329404][ T6370] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  162.583878][ T6370] XFS (loop2): Ending clean mount
[  162.661582][ T5226] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  162.715196][ T5226] XFS (loop2): Unmount and run xfs_repair
[  162.720960][ T5226] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  162.785290][ T5226] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  162.820700][ T5226] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  162.832785][ T6417] loop0: detected capacity change from 0 to 1764
[  162.846036][ T5226] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  162.874484][ T5226] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  162.884088][ T6417] iso9660: Unknown parameter 'oession'
[  162.910917][ T5226] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  162.934915][ T5226] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  162.978336][ T5226] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  163.047844][ T5226] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  163.085457][ T6370] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  163.112467][ T6423] loop0: detected capacity change from 0 to 512
[  163.146044][ T6370] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  163.253431][ T6423] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.194: corrupted in-inode xattr: invalid ea_ino
[  163.292880][ T6370] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  163.395233][ T6423] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.194: couldn't read orphan inode 15 (err -117)
[  163.412216][ T6423] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.450562][ T6397] loop3: detected capacity change from 0 to 32768
[  163.459860][ T5366] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  163.470352][ T6397] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  163.837634][ T6084] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  164.041746][ T6438] mkiss: ax0: crc mode is auto.
[  164.163380][ T6438] loop0: detected capacity change from 0 to 2048
[  165.398256][ T6438] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.546948][ T6452] loop3: detected capacity change from 0 to 4096
[  165.600246][ T6452] NILFS (loop3): invalid segment: Checksum error in segment payload
[  165.632122][ T6452] NILFS (loop3): trying rollback from an earlier position
[  165.709649][ T6452] NILFS (loop3): recovery complete
[  165.726948][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.741454][ T6460] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  165.824485][ T5238] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  166.094868][ T6452] loop3: detected capacity change from 4096 to 0
[  166.267119][    C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  166.299219][ T6463] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  166.815262][ T5238] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  166.833156][ T5238] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.841387][ T5238] usb 3-1: Product: syz
[  166.845613][ T5238] usb 3-1: Manufacturer: syz
[  166.850208][ T5238] usb 3-1: SerialNumber: syz
[  166.857132][ T5238] usb 3-1: config 0 descriptor??
[  166.895553][ T6460] segctord: attempt to access beyond end of device
[  166.895553][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  166.944384][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  166.973687][ T6460] segctord: attempt to access beyond end of device
[  166.973687][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  167.026470][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  167.074455][ T6460] segctord: attempt to access beyond end of device
[  167.074455][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  167.129363][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  167.159162][ T5225] syz-executor: attempt to access beyond end of device
[  167.159162][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  167.174336][  T943] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[  167.212312][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  167.224326][ T5283] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  167.254982][ T5225] syz-executor: attempt to access beyond end of device
[  167.254982][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  167.293340][   T46] usb 3-1: USB disconnect, device number 5
[  167.467001][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  167.488691][  T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  167.502655][ T5225] syz-executor: attempt to access beyond end of device
[  167.502655][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  168.198815][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  168.231790][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  168.233308][ T5283] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  168.276206][ T5283] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.288131][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  168.303762][ T5283] usb 2-1: Product: syz
[  168.308499][ T5283] usb 2-1: Manufacturer: syz
[  168.320244][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  168.331526][ T5283] usb 2-1: SerialNumber: syz
[  168.351561][ T5225] syz-executor: attempt to access beyond end of device
[  168.351561][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  168.368574][ T5283] usb 2-1: config 0 descriptor??
[  168.373236][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  168.398508][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  168.427867][  T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  168.453075][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  168.458322][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  168.501451][ T5225] syz-executor: attempt to access beyond end of device
[  168.501451][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0
[  168.514613][ T6485] loop4: detected capacity change from 0 to 512
[  168.549724][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[  168.570275][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  168.624232][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  168.641050][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  168.663057][ T5225] syz-executor: attempt to access beyond end of device
[  168.663057][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0
[  168.692277][ T6485] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.205: corrupted in-inode xattr: invalid ea_ino
[  168.827439][ T6485] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.205: couldn't read orphan inode 15 (err -117)
[  168.856458][ T6485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.864501][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  168.872317][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write
[  168.941150][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  168.955563][  T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  168.962997][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  169.025992][    T8] usb 2-1: USB disconnect, device number 6
[  169.048035][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  169.107542][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  169.179941][  T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  169.226353][  T943] usb 1-1: string descriptor 0 read error: -22
[  169.233709][  T943] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  169.261650][ T5922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.280385][  T943] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.331306][ T6499] loop3: detected capacity change from 0 to 256
[  169.382986][  T943] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  170.451377][ T5335] usb 1-1: USB disconnect, device number 3
[  171.448029][ T6525] netlink: 'syz.3.211': attribute type 10 has an invalid length.
[  171.474323][ T6525] netlink: 156 bytes leftover after parsing attributes in process `syz.3.211'.
[  171.900973][ T6532] loop0: detected capacity change from 0 to 4096
[  171.996739][ T6532] NILFS (loop0): invalid segment: Checksum error in segment payload
[  172.180111][ T6532] NILFS (loop0): trying rollback from an earlier position
[  172.667154][ T6532] NILFS (loop0): recovery complete
[  172.716373][ T6542] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.934328][ T6532] loop0: detected capacity change from 4096 to 0
[  172.985428][    C1] I/O error, dev loop0, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.014289][ T6544] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.131769][ T6542] segctord: attempt to access beyond end of device
[  173.131769][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.173396][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.209590][ T6542] segctord: attempt to access beyond end of device
[  173.209590][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.238129][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.257132][ T6542] segctord: attempt to access beyond end of device
[  173.257132][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.290852][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.494671][ T6084] syz-executor: attempt to access beyond end of device
[  173.494671][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.529640][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.539771][ T6084] syz-executor: attempt to access beyond end of device
[  173.539771][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.553207][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.562607][ T6084] syz-executor: attempt to access beyond end of device
[  173.562607][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.575811][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  173.584668][ T6084] syz-executor: attempt to access beyond end of device
[  173.584668][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0
[  173.600693][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
[  174.373566][ T6084] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
[  174.450464][ T6084] syz-executor: attempt to access beyond end of device
[  174.450464][ T6084] loop0: rw=395265, sector=2, nr_sectors = 2 limit=0
[  174.505385][ T6084] Buffer I/O error on dev loop0, logical block 1, lost sync page write
[  174.513758][ T6084] NILFS (loop0): unable to write superblock: err=-5
[  174.531456][ T6084] syz-executor: attempt to access beyond end of device
[  174.531456][ T6084] loop0: rw=395265, sector=4088, nr_sectors = 2 limit=0
[  174.570076][ T6084] Buffer I/O error on dev loop0, logical block 2044, lost sync page write
[  174.601641][ T6084] NILFS (loop0): unable to write superblock: err=-5
[  174.876798][ T6562] mkiss: ax0: crc mode is auto.
[  174.934289][ T5283] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  175.007207][ T6562] loop0: detected capacity change from 0 to 2048
[  175.056102][ T6565] loop4: detected capacity change from 0 to 256
[  175.186451][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  175.213100][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  175.256411][ T6562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.530075][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  175.669914][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  175.742630][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  175.752756][ T5281] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  175.810931][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  175.851084][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  175.886814][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  175.901237][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.914299][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  175.953087][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  175.971486][ T5281] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  176.004640][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.018903][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  176.049522][ T5281] usb 2-1: Product: syz
[  176.057621][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  176.080283][ T5281] usb 2-1: Manufacturer: syz
[  176.100683][ T5281] usb 2-1: SerialNumber: syz
[  176.106091][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  176.127706][ T5281] usb 2-1: config 0 descriptor??
[  176.146590][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  176.172151][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  176.196166][ T5283] usb 3-1: string descriptor 0 read error: -22
[  176.208063][ T5283] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  176.219249][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.237923][ T6577] netlink: 'syz.0.224': attribute type 10 has an invalid length.
[  176.249315][ T5283] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  176.294336][ T6577] netlink: 156 bytes leftover after parsing attributes in process `syz.0.224'.
[  176.354437][ T5335] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  176.521251][ T5283] usb 3-1: USB disconnect, device number 6
[  176.561038][    T8] usb 2-1: USB disconnect, device number 7
[  176.613498][ T5335] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  176.699468][ T5335] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.768163][ T5335] usb 5-1: Product: syz
[  176.784966][ T5335] usb 5-1: Manufacturer: syz
[  176.811873][ T5335] usb 5-1: SerialNumber: syz
[  177.003119][ T5335] usb 5-1: config 0 descriptor??
[  178.870187][   T46] usb 5-1: USB disconnect, device number 3
[  179.220200][ T6596] loop3: detected capacity change from 0 to 4096
[  179.454112][ T6596] NILFS (loop3): invalid segment: Checksum error in segment payload
[  179.797755][ T6596] NILFS (loop3): trying rollback from an earlier position
[  180.226650][ T6596] NILFS (loop3): recovery complete
[  180.277609][ T6603] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  180.390827][ T6608] loop4: detected capacity change from 0 to 256
[  181.208432][    C1] eth0: bad gso: type: 1, size: 1408
[  181.355904][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  181.366336][ T6596] loop3: detected capacity change from 4096 to 0
[  181.404994][ T6620] netlink: 'syz.0.235': attribute type 10 has an invalid length.
[  181.417229][    C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  181.428629][ T6610] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  181.459478][ T6620] netlink: 156 bytes leftover after parsing attributes in process `syz.0.235'.
[  181.744719][ T6603] segctord: attempt to access beyond end of device
[  181.744719][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  181.774520][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  181.804607][ T6603] segctord: attempt to access beyond end of device
[  181.804607][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  181.927670][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.044584][ T6603] segctord: attempt to access beyond end of device
[  182.044584][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  182.103160][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.125332][ T5225] syz-executor: attempt to access beyond end of device
[  182.125332][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  182.156228][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.364848][ T5225] syz-executor: attempt to access beyond end of device
[  182.364848][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  182.595201][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.714435][ T5225] syz-executor: attempt to access beyond end of device
[  182.714435][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  182.779058][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.817914][ T5225] syz-executor: attempt to access beyond end of device
[  182.817914][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0
[  182.871712][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0)
[  182.880766][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  182.891076][ T5225] syz-executor: attempt to access beyond end of device
[  182.891076][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0
[  182.905630][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write
[  182.914540][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  182.921188][ T5225] syz-executor: attempt to access beyond end of device
[  182.921188][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0
[  182.951826][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write
[  182.964320][ T5225] NILFS (loop3): unable to write superblock: err=-5
[  183.094316][ T6636] loop4: detected capacity change from 0 to 4096
[  183.147099][ T6636] NILFS (loop4): invalid segment: Checksum error in segment payload
[  183.181315][ T6636] NILFS (loop4): trying rollback from an earlier position
[  183.229255][ T6636] NILFS (loop4): recovery complete
[  183.246325][ T6640] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.404357][   T46] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  183.608184][   T46] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  183.633539][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.657055][   T46] usb 4-1: Product: syz
[  183.661258][   T46] usb 4-1: Manufacturer: syz
[  183.694603][   T46] usb 4-1: SerialNumber: syz
[  183.716626][   T46] usb 4-1: config 0 descriptor??
[  183.966216][ T5282] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  184.091837][ T5281] usb 4-1: USB disconnect, device number 6
[  184.114586][   T46] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  184.175814][ T5282] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  184.209085][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.251417][ T5282] usb 5-1: Product: syz
[  184.272092][ T5282] usb 5-1: Manufacturer: syz
[  184.277851][ T5282] usb 5-1: SerialNumber: syz
[  184.305699][ T5282] usb 5-1: config 0 descriptor??
[  184.311531][ T6647] loop2: detected capacity change from 0 to 512
[  184.337489][   T46] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  184.359672][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.383172][ T6647] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.244: corrupted in-inode xattr: invalid ea_ino
[  184.401727][   T46] usb 2-1: Product: syz
[  184.417442][ T6647] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.244: couldn't read orphan inode 15 (err -117)
[  184.437270][   T46] usb 2-1: Manufacturer: syz
[  184.463313][   T46] usb 2-1: SerialNumber: syz
[  184.491260][ T6647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.510857][   T46] usb 2-1: config 0 descriptor??
[  184.553506][ T6647] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.244: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  184.655336][ T6647] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.244: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  184.791483][   T46] usb 5-1: USB disconnect, device number 4
[  184.907641][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.960434][ T5281] usb 2-1: USB disconnect, device number 8
[  186.400762][ T6651] loop0: detected capacity change from 0 to 32768
[  186.438238][ T6651] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  186.518518][ T6651] XFS (loop0): Ending clean mount
[  186.539709][ T6651] XFS (loop0): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  186.553756][ T6651] XFS (loop0): Unmount and run xfs_repair
[  186.560199][ T6651] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  186.568013][ T6651] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  186.577862][ T6651] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  186.591645][ T6651] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  186.621011][ T6651] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  186.655976][ T6651] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  186.693728][ T6651] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  186.716893][ T6671] loop3: detected capacity change from 0 to 1764
[  186.737485][ T6651] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  186.754445][ T6651] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  186.763457][ T6651] XFS (loop0): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  186.767482][   T29] audit: type=1804 audit(1722549137.497:10): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.245" name="/newroot/13/file0/bus" dev="loop0" ino=1065 res=1 errno=0
[  186.782083][ T6651] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  186.825546][ T6671] iso9660: Unknown parameter 'oession'
[  186.836164][ T6651] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  186.983839][ T6676] loop3: detected capacity change from 0 to 512
[  187.039801][ T6084] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  187.076216][ T6676] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.248: corrupted in-inode xattr: invalid ea_ino
[  187.105346][ T6676] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.248: couldn't read orphan inode 15 (err -117)
[  187.315079][ T6676] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.419949][ T6693] loop4: detected capacity change from 0 to 512
[  188.489182][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  188.509413][ T6693] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.256: corrupted in-inode xattr: invalid ea_ino
[  188.602151][ T6693] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.256: couldn't read orphan inode 15 (err -117)
[  188.659124][ T6693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.696313][ T6693] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.256: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  188.719319][ T6693] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.256: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  188.839425][ T5922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.744385][   T46] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  190.120413][   T46] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  190.138481][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.171980][   T46] usb 2-1: Product: syz
[  190.191343][   T46] usb 2-1: Manufacturer: syz
[  190.201484][   T46] usb 2-1: SerialNumber: syz
[  190.220732][   T46] usb 2-1: config 0 descriptor??
[  190.444372][ T5281] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  190.449682][ T6699] loop3: detected capacity change from 0 to 32768
[  190.557474][ T6699] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  190.584655][   T46] usb 2-1: USB disconnect, device number 9
[  190.684210][ T5281] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  190.711133][ T5281] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.721013][ T5281] usb 5-1: Product: syz
[  190.729561][ T5281] usb 5-1: Manufacturer: syz
[  190.734455][ T5281] usb 5-1: SerialNumber: syz
[  190.750292][ T5281] usb 5-1: config 0 descriptor??
[  190.888821][ T6699] XFS (loop3): Ending clean mount
[  190.910077][ T6699] XFS (loop3): Quotacheck needed: Please wait.
[  190.932213][ T6729] loop0: detected capacity change from 0 to 4096
[  190.983820][ T6729] NILFS (loop0): invalid segment: Checksum error in segment payload
[  191.005769][ T6699] XFS (loop3): Quotacheck: Done.
[  191.023145][ T6729] NILFS (loop0): trying rollback from an earlier position
[  191.123220][ T6729] NILFS (loop0): recovery complete
[  191.144068][    T8] usb 5-1: USB disconnect, device number 5
[  191.173901][ T6733] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  191.274285][ T5243] Bluetooth: hci0: command 0x0406 tx timeout
[  191.277123][ T5229] Bluetooth: hci1: command 0x0406 tx timeout
[  191.362202][ T5225] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  191.572103][ T6737] loop2: detected capacity change from 0 to 512
[  191.696909][ T6737] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.268: corrupted in-inode xattr: invalid ea_ino
[  191.802868][ T6737] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.268: couldn't read orphan inode 15 (err -117)
[  191.821117][ T6737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.869921][ T6737] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.268: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  191.898630][ T6737] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.268: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  191.993136][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.034586][ T6743] loop3: detected capacity change from 0 to 1764
[  192.054231][ T5281] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  192.098319][ T6743] iso9660: Unknown parameter 'oession'
[  192.262143][ T6747] loop3: detected capacity change from 0 to 512
[  192.278106][ T5281] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  192.321452][ T5281] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.360436][ T6747] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.267: corrupted in-inode xattr: invalid ea_ino
[  192.390737][ T6747] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.267: couldn't read orphan inode 15 (err -117)
[  192.414707][ T5281] usb 1-1: Product: syz
[  192.427103][    C1] eth0: bad gso: type: 1, size: 1408
[  192.432098][ T6747] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.450997][ T5281] usb 1-1: Manufacturer: syz
[  192.464893][ T5281] usb 1-1: SerialNumber: syz
[  192.481703][ T5281] usb 1-1: config 0 descriptor??
[  193.647277][    T8] usb 1-1: USB disconnect, device number 4
[  193.657388][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  194.149545][ T6771] loop3: detected capacity change from 0 to 4096
[  194.190074][ T6771] NILFS (loop3): invalid segment: Checksum error in segment payload
[  194.222246][ T6771] NILFS (loop3): trying rollback from an earlier position
[  194.274925][ T6771] NILFS (loop3): recovery complete
[  194.301455][ T6772] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  194.320088][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  194.335234][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  194.603687][ T6775] loop0: detected capacity change from 0 to 512
[  194.657748][ T6763] loop4: detected capacity change from 0 to 32768
[  194.666123][ T6763] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  194.671996][ T6769] loop1: detected capacity change from 0 to 32768
[  194.698955][ T6775] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.281: corrupted in-inode xattr: invalid ea_ino
[  194.724378][ T6775] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.281: couldn't read orphan inode 15 (err -117)
[  194.814560][ T6769] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  194.873938][ T6775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.082036][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.166065][ T6769] XFS (loop1): Ending clean mount
[  195.178853][ T6769] XFS (loop1): Quotacheck needed: Please wait.
[  195.428060][ T6769] XFS (loop1): Quotacheck: Done.
[  195.776598][ T6784] loop3: detected capacity change from 0 to 32768
[  195.862895][ T6784] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  195.982713][ T5223] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  196.045358][ T6784] XFS (loop3): Ending clean mount
[  196.117340][ T5281] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  196.128601][   T46] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  196.143832][ T6803] loop4: detected capacity change from 0 to 1764
[  196.154423][ T5281] XFS (loop3): Unmount and run xfs_repair
[  196.160736][ T5281] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  196.181846][ T5281] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  196.209681][ T6803] iso9660: Unknown parameter 'oession'
[  196.224484][ T5281] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  196.261905][ T5281] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  196.288003][ T5281] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  196.314291][ T5281] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  196.343644][ T5281] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  196.390912][   T46] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  196.403720][ T5281] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  196.418165][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.432694][ T6805] loop4: detected capacity change from 0 to 512
[  196.449199][ T5281] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  196.465830][   T46] usb 1-1: Product: syz
[  196.478949][   T46] usb 1-1: Manufacturer: syz
[  196.488439][ T6784] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  196.504027][   T46] usb 1-1: SerialNumber: syz
[  196.527966][ T6784] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  196.547149][   T46] usb 1-1: config 0 descriptor??
[  196.560699][ T6805] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.286: corrupted in-inode xattr: invalid ea_ino
[  196.574603][ T6784] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  196.635325][ T6805] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.286: couldn't read orphan inode 15 (err -117)
[  196.667550][ T6805] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.921160][ T5225] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  197.732444][    T8] usb 1-1: USB disconnect, device number 5
[  197.938112][ T5922] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  198.359088][ T6830] loop3: detected capacity change from 0 to 512
[  198.388630][ T6830] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.294: corrupted in-inode xattr: invalid ea_ino
[  198.419191][ T6830] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.294: couldn't read orphan inode 15 (err -117)
[  198.461151][ T6830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.504313][    T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  198.528810][ T5225] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.594291][ T5281] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  198.859566][    T8] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  198.869240][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.890309][    T8] usb 2-1: Product: syz
[  198.904626][    T8] usb 2-1: Manufacturer: syz
[  198.917342][    T8] usb 2-1: SerialNumber: syz
[  198.943161][    T8] usb 2-1: config 0 descriptor??
[  198.957352][ T5281] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  198.996168][ T5281] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  199.015674][ T5281] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  199.031478][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  199.049376][ T5281] usb 3-1: SerialNumber: syz
[  199.066847][ T5281] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  199.268342][    T8] usb 2-1: USB disconnect, device number 10
[  199.402447][ T6828] loop2: detected capacity change from 0 to 1764
[  199.447680][ T6828] iso9660: Bad value for 'gid'
[  199.474417][ T6828] iso9660: Bad value for 'gid'
[  199.747514][    T8] usb 3-1: USB disconnect, device number 7
[  200.305175][ T6839] loop0: detected capacity change from 0 to 32768
[  200.335456][ T6839] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  200.561226][ T6847] overlayfs: failed to resolve './file0': -2
[  203.652658][ T6855] loop0: detected capacity change from 0 to 1764
[  203.690094][ T6855] iso9660: Unknown parameter 'oession'
[  204.104949][   T46] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  204.394303][   T46] usb 4-1: Using ep0 maxpacket: 16
[  204.460762][   T46] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  204.482612][   T46] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  204.523318][   T46] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  204.544314][   T46] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  204.567018][   T46] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  204.590524][   T46] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  204.617091][ T6869] loop0: detected capacity change from 0 to 512
[  204.636535][   T46] usb 4-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  204.659264][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.692579][   T46] usb 4-1: Product: syz
[  204.698693][   T46] usb 4-1: Manufacturer: syz
[  204.705953][ T6869] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.301: corrupted in-inode xattr: invalid ea_ino
[  204.734662][   T46] usb 4-1: SerialNumber: syz
[  204.764190][ T6869] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.301: couldn't read orphan inode 15 (err -117)
[  204.828025][ T6869] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.830435][ T6873] loop2: detected capacity change from 0 to 512
[  204.885596][ T6873] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.306: corrupted in-inode xattr: invalid ea_ino
[  204.940764][ T6873] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.306: couldn't read orphan inode 15 (err -117)
[  204.989123][ T6873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.129375][ T6084] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  205.140730][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.353689][ T6878] loop0: detected capacity change from 0 to 47
[  205.436368][   T29] audit: type=1800 audit(1722549156.197:11): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.307" name="bus" dev="loop0" ino=8 res=0 errno=0
[  205.471413][ T6878] minix_free_block (loop0:20): bit already cleared
[  205.493081][ T6878] minix_free_block (loop0:21): bit already cleared
[  205.508332][ T6878] minix_free_block (loop0:19): bit already cleared
[  205.585334][ T6866] loop1: detected capacity change from 0 to 32768
[  205.596545][ T6084] MINIX-fs: deleted inode referenced: 9
[  205.611753][ T6084] MINIX-fs: deleted inode referenced: 9
[  205.643149][ T6084] MINIX-fs: deleted inode referenced: 9
[  205.657215][ T6866] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  205.676284][ T6084] MINIX-fs: deleted inode referenced: 9
[  205.893648][ T6889] overlayfs: failed to resolve './file0': -2
[  206.128548][ T6866] XFS (loop1): Ending clean mount
[  206.160273][ T6866] XFS (loop1): Quotacheck needed: Please wait.
[  206.314120][ T6866] XFS (loop1): Quotacheck: Done.
[  206.595404][   T46] cdc_ncm 4-1:1.0: bind() failure
[  207.337915][   T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.856850][   T46] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  208.863697][   T46] cdc_ncm 4-1:1.1: bind() failure
[  208.894341][   T46] usb 4-1: USB disconnect, device number 7
[  208.941583][ T5223] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  209.126776][   T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.308060][   T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.420582][   T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.547267][ T6901] loop3: detected capacity change from 0 to 1764
[  210.596641][ T6901] iso9660: Unknown parameter 'oession'
[  210.646680][ T6907] loop4: detected capacity change from 0 to 47
[  210.676055][ T6893] loop2: detected capacity change from 0 to 32768
[  210.750598][ T6893] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  210.773874][ T6913] loop3: detected capacity change from 0 to 512
[  210.830494][ T6907] minix_free_block (loop4:20): bit already cleared
[  210.831014][   T29] audit: type=1800 audit(1722549161.577:12): pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.319" name="bus" dev="loop4" ino=8 res=0 errno=0
[  210.889340][ T6907] minix_free_block (loop4:21): bit already cleared
[  210.896117][ T6907] minix_free_block (loop4:19): bit already cleared
[  210.958347][ T5922] MINIX-fs: deleted inode referenced: 9
[  210.971513][ T5922] MINIX-fs: deleted inode referenced: 9
[  210.985179][ T5922] MINIX-fs: deleted inode referenced: 9
[  210.999697][ T5922] MINIX-fs: deleted inode referenced: 9
[  211.012209][ T6913] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.317: corrupted in-inode xattr: invalid ea_ino
[  211.035630][ T6913] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.317: couldn't read orphan inode 15 (err -117)
[  211.075701][ T6913] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.076122][   T52] bridge_slave_1: left allmulticast mode
[  211.124544][   T52] bridge_slave_1: left promiscuous mode
[  211.142152][ T6893] XFS (loop2): Ending clean mount
[  211.144733][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.217884][ T5238] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  211.248793][   T52] bridge_slave_0: left allmulticast mode
[  211.278531][ T5238] XFS (loop2): Unmount and run xfs_repair
[  211.288961][   T52] bridge_slave_0: left promiscuous mode
[  211.308113][ T5238] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  211.319576][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.350365][ T5238] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  211.393591][ T5238] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  211.418024][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  211.426956][ T5238] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  211.436350][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  211.455050][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  211.469500][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  211.477527][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  211.484904][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  211.509993][ T5238] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  211.543157][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  211.552467][ T5238] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  211.602357][ T5238] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  211.627140][ T5238] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  211.644279][ T5238] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  211.654229][ T6893] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  211.723553][ T6893] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  211.763815][ T6893] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  211.786242][   T29] audit: type=1804 audit(1722549162.547:13): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.314" name="/newroot/54/file0/bus" dev="loop2" ino=1065 res=1 errno=0
[  212.305621][ T6595] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  212.466795][ T6940] loop3: detected capacity change from 0 to 32768
[  212.475658][ T6940] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  212.597928][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.626026][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.649890][   T52] bond0 (unregistering): Released all slaves
[  213.532201][ T5235] Bluetooth: hci2: command tx timeout
[  213.782801][   T52] hsr_slave_0: left promiscuous mode
[  213.831427][   T52] hsr_slave_1: left promiscuous mode
[  213.853322][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  213.879263][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  213.916207][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  213.923632][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  214.044081][   T52] veth1_macvtap: left promiscuous mode
[  214.074844][   T52] veth0_macvtap: left promiscuous mode
[  214.080543][   T52] veth1_vlan: left promiscuous mode
[  214.124569][   T52] veth0_vlan: left promiscuous mode
[  214.793961][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  214.818038][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  214.916917][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  214.927924][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  214.935668][ T5235] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  214.943383][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  215.339926][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.3.330'.
[  215.491920][ T5240] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  215.497053][ T6982] loop3: detected capacity change from 0 to 47
[  215.506686][ T5240] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  215.514585][ T5240] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  215.524375][ T5240] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  215.544495][ T5240] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  215.554780][ T5240] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  215.604517][ T5235] Bluetooth: hci2: command tx timeout
[  215.610063][   T29] audit: type=1800 audit(1722549166.367:14): pid=6982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.331" name="bus" dev="loop3" ino=8 res=0 errno=0
[  215.616262][ T6982] minix_free_block (loop3:20): bit already cleared
[  215.654573][ T6982] minix_free_block (loop3:21): bit already cleared
[  215.664534][ T6982] minix_free_block (loop3:19): bit already cleared
[  215.730717][ T5225] MINIX-fs: deleted inode referenced: 9
[  215.739631][ T5225] MINIX-fs: deleted inode referenced: 9
[  215.745766][ T5225] MINIX-fs: deleted inode referenced: 9
[  215.751509][ T5225] MINIX-fs: deleted inode referenced: 9
[  215.856744][ T6986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  216.396436][   T52] team0 (unregistering): Port device team_slave_1 removed
[  216.527452][   T52] team0 (unregistering): Port device team_slave_0 removed
[  217.054877][ T5235] Bluetooth: hci3: command tx timeout
[  217.594280][ T5235] Bluetooth: hci4: command tx timeout
[  217.674240][ T5235] Bluetooth: hci2: command tx timeout
[  218.738182][ T6925] chnl_net:caif_netlink_parms(): no params data found
[  218.969021][ T6979] chnl_net:caif_netlink_parms(): no params data found
[  219.119565][ T5235] Bluetooth: hci3: command tx timeout
[  219.321319][ T5240] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  219.333473][ T5240] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  219.349092][ T5240] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  219.359142][ T5240] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  219.367944][ T5240] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  219.377621][ T5240] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  219.568636][ T6972] chnl_net:caif_netlink_parms(): no params data found
[  219.674223][ T5240] Bluetooth: hci4: command tx timeout
[  219.676404][   T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.765768][ T5240] Bluetooth: hci2: command tx timeout
[  219.905888][ T6925] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.924356][ T6925] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.931598][ T6925] bridge_slave_0: entered allmulticast mode
[  219.950398][ T6925] bridge_slave_0: entered promiscuous mode
[  219.960531][ T6925] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.975610][ T6925] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.982795][ T6925] bridge_slave_1: entered allmulticast mode
[  219.996414][ T6925] bridge_slave_1: entered promiscuous mode
[  220.037618][   T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.106821][ T6979] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.114562][ T6979] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.121754][ T6979] bridge_slave_0: entered allmulticast mode
[  220.137391][ T6979] bridge_slave_0: entered promiscuous mode
[  220.271489][ T7034] netlink: 44 bytes leftover after parsing attributes in process `syz.1.340'.
[  220.296333][   T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.311739][ T6979] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.319345][ T6979] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.327735][ T6979] bridge_slave_1: entered allmulticast mode
[  220.336551][ T6979] bridge_slave_1: entered promiscuous mode
[  220.354103][ T6925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.471384][   T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.495066][ T6925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.549590][ T6972] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.567106][ T6972] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.583921][ T6972] bridge_slave_0: entered allmulticast mode
[  220.591893][ T6972] bridge_slave_0: entered promiscuous mode
[  220.608670][ T6972] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.620760][ T6972] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.631222][ T6972] bridge_slave_1: entered allmulticast mode
[  220.652959][ T6972] bridge_slave_1: entered promiscuous mode
[  220.699847][ T6925] team0: Port device team_slave_0 added
[  220.756681][ T6979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.778346][ T6979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.789872][ T6925] team0: Port device team_slave_1 added
[  220.819068][ T6972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.905043][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_0
[  220.912126][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.966262][ T6925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  220.980444][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_1
[  220.994186][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.020566][ T6925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.035597][ T6972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.070238][ T6979] team0: Port device team_slave_0 added
[  221.149507][ T6979] team0: Port device team_slave_1 added
[  221.173045][ T6925] hsr_slave_0: entered promiscuous mode
[  221.182126][ T6925] hsr_slave_1: entered promiscuous mode
[  221.188835][ T6925] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  221.196778][ T5240] Bluetooth: hci3: command tx timeout
[  221.203620][ T6925] Cannot create hsr debugfs directory
[  221.230019][ T6972] team0: Port device team_slave_0 added
[  221.242362][ T6972] team0: Port device team_slave_1 added
[  221.434606][ T5240] Bluetooth: hci1: command tx timeout
[  221.543957][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  221.563802][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.642295][ T6972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  221.754642][ T5240] Bluetooth: hci4: command tx timeout
[  221.764745][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  221.785747][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.852890][ T6972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.894748][   T52] bridge_slave_1: left allmulticast mode
[  221.900510][   T52] bridge_slave_1: left promiscuous mode
[  221.909277][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.921765][   T52] bridge_slave_0: left allmulticast mode
[  221.927913][   T52] bridge_slave_0: left promiscuous mode
[  221.933678][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.095033][ T5283] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  222.240940][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  222.256681][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  222.271658][   T52] bond0 (unregistering): Released all slaves
[  222.295752][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.302725][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.329707][ T6979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.331890][ T5283] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  222.357534][ T7016] chnl_net:caif_netlink_parms(): no params data found
[  222.364918][ T5283] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  222.393947][ T5283] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  222.404523][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  222.412666][ T5283] usb 2-1: SerialNumber: syz
[  222.442504][ T5283] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  222.475120][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.484588][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.510793][ T6979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  222.681469][ T6972] hsr_slave_0: entered promiscuous mode
[  222.696120][ T7056] loop1: detected capacity change from 0 to 1764
[  222.702832][ T6972] hsr_slave_1: entered promiscuous mode
[  222.703287][ T7056] iso9660: Bad value for 'gid'
[  222.723624][ T6972] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  222.724177][ T7056] iso9660: Bad value for 'gid'
[  222.731836][ T6972] Cannot create hsr debugfs directory
[  222.799915][ T6979] hsr_slave_0: entered promiscuous mode
[  222.811084][ T6979] hsr_slave_1: entered promiscuous mode
[  222.818072][ T6979] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  222.826090][ T6979] Cannot create hsr debugfs directory
[  222.932555][ T5335] usb 2-1: USB disconnect, device number 11
[  223.050599][   T52] hsr_slave_0: left promiscuous mode
[  223.058402][   T52] hsr_slave_1: left promiscuous mode
[  223.064932][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.072360][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.080765][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.088236][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.110688][   T52] veth1_macvtap: left promiscuous mode
[  223.116509][   T52] veth0_macvtap: left promiscuous mode
[  223.122146][   T52] veth1_vlan: left promiscuous mode
[  223.127633][   T52] veth0_vlan: left promiscuous mode
[  223.276751][ T5240] Bluetooth: hci3: command tx timeout
[  223.461142][    C1] eth0: bad gso: type: 1, size: 1408
[  223.514486][ T5240] Bluetooth: hci1: command tx timeout
[  223.632381][ T7066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  223.662576][   T52] team0 (unregistering): Port device team_slave_1 removed
[  223.844331][ T5240] Bluetooth: hci4: command tx timeout
[  224.121150][   T52] team0 (unregistering): Port device team_slave_0 removed
[  225.281092][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.289237][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.297204][ T7016] bridge_slave_0: entered allmulticast mode
[  225.307542][ T7016] bridge_slave_0: entered promiscuous mode
[  225.352865][ T7016] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.362910][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.370586][ T7016] bridge_slave_1: entered allmulticast mode
[  225.378288][ T7016] bridge_slave_1: entered promiscuous mode
[  225.595874][ T5240] Bluetooth: hci1: command tx timeout
[  225.617887][ T7016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.671185][ T7016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.825083][ T7082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  226.963206][ T7016] team0: Port device team_slave_0 added
[  227.252625][ T7016] team0: Port device team_slave_1 added
[  227.452518][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.459736][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.489248][ T7016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  227.506660][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_1
[  227.513615][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  227.540053][ T7016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  227.604446][ T7016] hsr_slave_0: entered promiscuous mode
[  227.611575][ T7016] hsr_slave_1: entered promiscuous mode
[  227.624285][ T7016] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  227.631924][ T7016] Cannot create hsr debugfs directory
[  227.674400][ T5240] Bluetooth: hci1: command tx timeout
[  227.721449][ T6925] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  227.732900][ T6925] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  227.773760][ T6925] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  227.800838][ T6925] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  227.990294][ T6925] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.042407][ T6925] 8021q: adding VLAN 0 to HW filter on device team0
[  228.137500][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.144705][ T5238] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.187635][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.194849][ T5238] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.333944][ T6979] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.384108][ T6972] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  228.408627][ T6925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  228.437748][ T6972] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  228.459976][ T6972] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  228.541174][ T6979] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.594206][ T6972] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  228.738270][ T6979] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.900765][ T6979] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.032305][ T6925] 8021q: adding VLAN 0 to HW filter on device batadv0
[  229.148187][ T6972] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.233865][ T6972] 8021q: adding VLAN 0 to HW filter on device team0
[  229.245264][ T6979] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  229.257874][ T6979] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  229.349257][ T7016] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.389461][ T6925] veth0_vlan: entered promiscuous mode
[  229.415623][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.422768][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.445975][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.453147][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.481293][ T6979] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  229.496590][ T6979] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  229.522801][ T6925] veth1_vlan: entered promiscuous mode
[  229.617300][ T7016] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.763001][ T7016] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.880281][ T6925] veth0_macvtap: entered promiscuous mode
[  229.951538][ T7016] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.989624][ T6925] veth1_macvtap: entered promiscuous mode
[  230.112968][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.134371][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.167099][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.178203][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.194663][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.213849][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.236256][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.299483][ T6979] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.318139][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.344532][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.364244][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.396597][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.430465][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.454183][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.487535][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.542718][ T6925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.564512][ T6925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.584609][ T6925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.593333][ T6925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  230.676409][ T6979] 8021q: adding VLAN 0 to HW filter on device team0
[  230.702820][ T7016] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  230.812358][ T7016] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  230.840183][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.847411][ T5238] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.891455][ T7016] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  230.918839][ T7016] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  230.961253][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.968483][ T5238] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.997469][ T6972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  231.111996][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  231.142774][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.333636][ T6979] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  231.430906][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  231.459792][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.591127][ T7016] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.793492][ T7167] loop0: detected capacity change from 0 to 256
[  231.840089][ T7016] 8021q: adding VLAN 0 to HW filter on device team0
[  231.907370][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.914571][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.969586][ T6972] veth0_vlan: entered promiscuous mode
[  231.991488][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.998728][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.062679][ T6972] veth1_vlan: entered promiscuous mode
[  232.195133][ T6979] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.321022][ T6972] veth0_macvtap: entered promiscuous mode
[  232.367187][ T6972] veth1_macvtap: entered promiscuous mode
[  232.476903][ T6979] veth0_vlan: entered promiscuous mode
[  232.521365][ T6979] veth1_vlan: entered promiscuous mode
[  232.577037][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  232.624788][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.644219][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  232.666598][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.693214][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  232.704305][ T7188] fuseblk: Unknown parameter 'use00000000000000000000'
[  232.726246][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.754222][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  232.781648][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.817173][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  232.882679][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  232.914186][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.942898][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  232.977959][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.014201][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.054381][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.084185][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.121762][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.147126][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.210946][ T6972] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.230159][ T6972] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.248731][ T6972] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.279553][ T6972] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.314075][ T6979] veth0_macvtap: entered promiscuous mode
[  233.403819][ T6979] veth1_macvtap: entered promiscuous mode
[  233.431071][ T7016] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.465895][ T7179] loop1: detected capacity change from 0 to 32768
[  233.549487][ T7179] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  233.566862][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.603797][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.614063][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.626384][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.632536][ T7179] XFS (loop1): Ending clean mount
[  233.636727][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.653297][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.672288][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.676996][ T5282] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  233.698245][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.712654][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  233.726639][ T5282] XFS (loop1): Unmount and run xfs_repair
[  233.734256][ T5282] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  233.740648][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.755134][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_0
[  233.770355][ T5282] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  233.772779][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.792384][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.802645][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.807554][ T5282] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  233.822011][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.822033][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.822051][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.822069][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.822084][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.822097][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  233.822111][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  233.823810][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.859465][ T5282] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  233.965838][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.003825][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.043160][ T5282] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  234.043954][ T6979] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.074053][ T5282] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  234.092144][ T6979] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.101259][ T5282] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  234.110382][ T6979] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.119537][ T5282] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  234.128573][ T6979] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.137741][ T5282] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  234.291535][ T7179] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  234.321581][ T7179] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  234.337008][ T7179] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  234.383540][ T7016] veth0_vlan: entered promiscuous mode
[  234.406380][    C1] eth0: bad gso: type: 1, size: 1408
[  234.432917][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  234.477795][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.506687][ T7016] veth1_vlan: entered promiscuous mode
[  234.514279][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.734513][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.787282][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.851879][ T7016] veth0_macvtap: entered promiscuous mode
[  234.915015][ T7016] veth1_macvtap: entered promiscuous mode
[  235.027068][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.053193][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.104270][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.150618][ T7250] netlink: 'syz.1.355': attribute type 10 has an invalid length.
[  235.155338][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.178966][ T7250] netlink: 132 bytes leftover after parsing attributes in process `syz.1.355'.
[  235.193220][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.217993][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.228396][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.257201][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.286065][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.324421][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.351835][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.383980][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.412421][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.433062][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.451657][ T1307] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.459738][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.471510][ T1307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.475099][ T7258] loop1: detected capacity change from 0 to 256
[  235.480123][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.500975][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.513964][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.533461][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.553032][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.596562][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.627904][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.663142][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.696634][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.711900][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.734025][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.794460][ T7016] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.825225][ T7016] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.853713][ T7016] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.866518][ T7016] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.110939][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.139947][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.280993][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.302851][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.442093][ T7265] fuseblk: Unknown parameter 'use00000000000000000000'
[  237.861989][ T7288] fuseblk: Unknown parameter 'user_id00000000000000000000'
[  238.274814][ T7294] netlink: 'syz.3.366': attribute type 10 has an invalid length.
[  238.326989][ T7294] netlink: 132 bytes leftover after parsing attributes in process `syz.3.366'.
[  238.993429][ T7284] loop1: detected capacity change from 0 to 32768
[  239.189861][ T7284] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  239.314878][ T7310] loop4: detected capacity change from 0 to 256
[  239.512606][ T7284] XFS (loop1): Ending clean mount
[  239.543744][ T5238] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 
[  239.555988][ T5238] XFS (loop1): Unmount and run xfs_repair
[  239.561842][ T5238] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  239.570420][ T5238] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86  XAFL............
[  239.581233][ T5238] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00  ....G.K.........
[  239.606477][ T5238] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b  ^..s............
[  239.630626][ T5238] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f  ................
[  239.659861][ T5238] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  239.686187][ T5238] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  239.710109][ T5238] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  239.731608][ T5238] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  239.775599][ T7284] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74
[  239.840137][ T7284] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  240.099049][ T7284] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  241.062981][   T35] bridge_slave_1: left allmulticast mode
[  241.070294][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  241.079935][   T35] bridge_slave_1: left promiscuous mode
[  241.114826][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.283582][   T35] bridge_slave_0: left allmulticast mode
[  241.440991][   T35] bridge_slave_0: left promiscuous mode
[  241.645428][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.135179][ T7341] netlink: 'syz.2.378': attribute type 10 has an invalid length.
[  242.174538][ T7341] netlink: 132 bytes leftover after parsing attributes in process `syz.2.378'.
[  243.285233][ T7358] loop3: detected capacity change from 0 to 256
[  243.478683][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.551481][ T7364] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  243.702656][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.144718][   T35] bond0 (unregistering): Released all slaves
[  245.214915][    C1] eth0: bad gso: type: 1, size: 1408
[  246.234229][   T35] hsr_slave_0: left promiscuous mode
[  246.271212][   T35] hsr_slave_1: left promiscuous mode
[  246.312614][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.353239][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.381144][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.403585][ T7388] fuseblk: Bad value for 'fd'
[  246.408397][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.514340][   T35] veth1_macvtap: left promiscuous mode
[  246.535161][   T35] veth0_macvtap: left promiscuous mode
[  246.563644][   T35] veth1_vlan: left promiscuous mode
[  246.582644][   T35] veth0_vlan: left promiscuous mode
[  247.461960][ T7403] loop3: detected capacity change from 0 to 2048
[  247.594125][ T7403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.862772][ T7390] loop4: detected capacity change from 0 to 32768
[  247.935418][ T7390] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value
[  248.119018][ T7418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  248.184531][ T7399] Falling back ldisc for ptm0.
[  249.152844][    C1] eth0: bad gso: type: 1, size: 1408
[  249.387546][ T7408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  249.815720][ T7016] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.916603][ T7428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.274562][    C0] DEBUG: holding rtnl_mutex for 520 jiffies.
[  251.281129][    C0] task:kworker/u8:2    state:R  running task     stack:19856 pid:35    tgid:35    ppid:2      flags:0x00004000
[  251.292996][    C0] Workqueue: netns cleanup_net
[  251.297847][    C0] Call Trace:
[  251.301147][    C0]  <TASK>
[  251.304106][    C0]  __schedule+0x1800/0x4a60
[  251.308722][    C0]  ? __pfx___schedule+0x10/0x10
[  251.313616][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  251.318906][    C0]  ? mark_lock+0x9a/0x360
[  251.323300][    C0]  preempt_schedule_irq+0xfb/0x1c0
[  251.328473][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  251.334267][    C0]  irqentry_exit+0x5e/0x90
[  251.338722][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  251.344254][    C0] RIP: 0010:synchronize_rcu+0x0/0x360
[  251.349652][    C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 65 38 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48
[  251.369335][    C0] RSP: 0018:ffffc90000ab75d8 EFLAGS: 00000206
[  251.375480][    C0] RAX: dffffc0000000000 RBX: 1ffff92000156ec4 RCX: ffffffff94f2f903
[  251.383476][    C0] RDX: 0000777d5931ae01 RSI: ffffffff8c0ae240 RDI: ffffffff8c607c40
[  251.391489][    C0] RBP: ffffc90000ab76b8 R08: ffffffff8142a345 R09: 1ffffffff202faed
[  251.399513][    C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: ffffffff94f1aeb8
[  251.407545][    C0] R13: 1ffff92000156ec0 R14: 0000000000000a02 R15: ffffc90000ab7620
[  251.415590][    C0]  ? __phys_addr+0x105/0x170
[  251.420210][    C0]  lockdep_unregister_key+0x4b7/0x540
[  251.425639][    C0]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  251.431565][    C0]  ? rcu_is_watching+0x15/0xb0
[  251.436382][    C0]  ? qdisc_reset+0x3bf/0x5b0
[  251.441010][    C0]  __qdisc_destroy+0x165/0x410
[  251.445829][    C0]  dev_shutdown+0x357/0x450
[  251.450368][    C0]  unregister_netdevice_many_notify+0x97b/0x1c40
[  251.456763][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  251.463574][    C0]  ? unregister_netdevice_queue+0x26b/0x370
[  251.469550][    C0]  ? batadv_softif_destroy_netlink+0x1e3/0x270
[  251.475780][    C0]  default_device_exit_batch+0xa0f/0xa90
[  251.481457][    C0]  ? __pfx___might_resched+0x10/0x10
[  251.486825][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  251.493005][    C0]  ? cfg802154_pernet_exit+0xc3/0xe0
[  251.498316][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[  251.504509][    C0]  cleanup_net+0x89d/0xcc0
[  251.508971][    C0]  ? __pfx_cleanup_net+0x10/0x10
[  251.513963][    C0]  ? process_scheduled_works+0x945/0x1830
[  251.519758][    C0]  process_scheduled_works+0xa2c/0x1830
[  251.525418][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  251.531422][    C0]  ? assign_work+0x364/0x3d0
[  251.536029][    C0]  worker_thread+0x86d/0xd40
[  251.540627][    C0]  ? __kthread_parkme+0x169/0x1d0
[  251.545666][    C0]  ? __pfx_worker_thread+0x10/0x10
[  251.550780][    C0]  kthread+0x2f0/0x390
[  251.554891][    C0]  ? __pfx_worker_thread+0x10/0x10
[  251.560067][    C0]  ? __pfx_kthread+0x10/0x10
[  251.564771][    C0]  ret_from_fork+0x4b/0x80
[  251.569326][    C0]  ? __pfx_kthread+0x10/0x10
[  251.574026][    C0]  ret_from_fork_asm+0x1a/0x30
[  251.579043][    C0]  </TASK>
[  251.582194][    C0] DEBUG: waiting rtnl_mutex for 526 jiffies.
[  251.588319][    C0] task:kworker/0:4     state:D stack:21520 pid:5282  tgid:5282  ppid:2      flags:0x00004000
[  251.598676][    C0] Workqueue: events linkwatch_event
[  251.603982][    C0] Call Trace:
[  251.607376][    C0]  <TASK>
[  251.610335][    C0]  __schedule+0x1800/0x4a60
[  251.614920][    C0]  ? __pfx___schedule+0x10/0x10
[  251.619827][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  251.625886][    C0]  ? __pfx_lock_release+0x10/0x10
[  251.630950][    C0]  ? kick_pool+0x45c/0x620
[  251.635428][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  251.640656][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  251.645916][    C0]  ? schedule+0x90/0x320
[  251.650192][    C0]  schedule+0x14b/0x320
[  251.654410][    C0]  schedule_preempt_disabled+0x13/0x30
[  251.659911][    C0]  __mutex_lock+0x6a4/0xd70
[  251.664477][    C0]  ? __mutex_lock+0x527/0xd70
[  251.669193][    C0]  ? linkwatch_event+0xe/0x60
[  251.673909][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  251.679007][    C0]  ? get_rtnl_holder+0x144/0x190
[  251.683982][    C0]  ? process_scheduled_works+0x945/0x1830
[  251.689767][    C0]  linkwatch_event+0xe/0x60
[  251.694436][    C0]  process_scheduled_works+0xa2c/0x1830
[  251.700064][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  251.706136][    C0]  ? assign_work+0x364/0x3d0
[  251.710761][    C0]  worker_thread+0x86d/0xd40
[  251.715420][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  251.721346][    C0]  ? __kthread_parkme+0x169/0x1d0
[  251.726448][    C0]  ? __pfx_worker_thread+0x10/0x10
[  251.731595][    C0]  kthread+0x2f0/0x390
[  251.735711][    C0]  ? __pfx_worker_thread+0x10/0x10
[  251.740854][    C0]  ? __pfx_kthread+0x10/0x10
[  251.745491][    C0]  ret_from_fork+0x4b/0x80
[  251.749943][    C0]  ? __pfx_kthread+0x10/0x10
[  251.754585][    C0]  ret_from_fork_asm+0x1a/0x30
[  251.759401][    C0]  </TASK>
[  251.762445][    C0] 
[  251.762445][    C0] Showing all locks held in the system:
[  251.770197][    C0] 4 locks held by kworker/u8:2/35:
[  251.775733][    C0] 2 locks held by kworker/u8:4/61:
[  251.780913][    C0] 5 locks held by kworker/u8:11/3029:
[  251.786328][    C0] 1 lock held by udevd/4681:
[  251.790933][    C0] 2 locks held by getty/4984:
[  251.795644][    C0]  #0: ffff88802b4e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  251.805483][    C0]  #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  251.815669][    C0] 3 locks held by kworker/0:4/5282:
[  251.820880][    C0]  #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  251.831946][    C0]  #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  251.842932][    C0]  #2: ffffffff8fc81d48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  251.851915][    C0] 4 locks held by syz-executor/6925:
[  251.857201][    C0] 4 locks held by syz-executor/6972:
[  251.862475][    C0] 
[  251.864807][    C0] =============================================
[  251.864807][    C0] 
[  252.298728][ T7448] fuseblk: Bad value for 'fd'
[  252.884165][    C0] DEBUG: holding rtnl_mutex for 681 jiffies.
[  252.890286][    C0] task:kworker/u8:2    state:R  running task     stack:19856 pid:35    tgid:35    ppid:2      flags:0x00004000
[  252.902102][    C0] Workqueue: netns cleanup_net
[  252.906956][    C0] Call Trace:
[  252.910263][    C0]  <TASK>
[  252.913217][    C0]  __schedule+0x1800/0x4a60
[  252.917788][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  252.923802][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  252.930220][    C0]  ? stack_depot_save_flags+0x29/0x830
[  252.935741][    C0]  ? __pfx___schedule+0x10/0x10
[  252.940624][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  252.945884][    C0]  ? mark_lock+0x9a/0x360
[  252.950254][    C0]  preempt_schedule_irq+0xfb/0x1c0
[  252.955429][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  252.961189][    C0]  irqentry_exit+0x5e/0x90
[  252.965662][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  252.971191][    C0] RIP: 0010:synchronize_rcu+0x0/0x360
[  252.976636][    C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 65 38 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48
[  252.996298][    C0] RSP: 7620:0000000000000a03 EFLAGS: 1ffff92000156ec0
[  253.003102][    C0] ==================================================================
[  253.011155][    C0] BUG: KASAN: stack-out-of-bounds in __show_regs+0xa6/0x610
[  253.018435][    C0] Read of size 8 at addr ffffc90000ab7578 by task syz.4.407/7439
[  253.026141][    C0] 
[  253.028466][    C0] CPU: 0 UID: 0 PID: 7439 Comm: syz.4.407 Not tainted 6.11.0-rc1-next-20240729-syzkaller #0
[  253.038525][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  253.048576][    C0] Call Trace:
[  253.051849][    C0]  <IRQ>
[  253.054686][    C0]  dump_stack_lvl+0x241/0x360
[  253.059368][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.064564][    C0]  ? __pfx__printk+0x10/0x10
[  253.069160][    C0]  ? _printk+0xd5/0x120
[  253.073322][    C0]  print_report+0x169/0x550
[  253.077821][    C0]  ? __virt_addr_valid+0xbd/0x530
[  253.082838][    C0]  ? __show_regs+0xa6/0x610
[  253.087337][    C0]  kasan_report+0x143/0x180
[  253.091832][    C0]  ? show_opcodes+0x148/0x170
[  253.096511][    C0]  ? __show_regs+0xa6/0x610
[  253.101021][    C0]  __show_regs+0xa6/0x610
[  253.105355][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.110985][    C0]  ? wq_watchdog_touch+0xef/0x180
[  253.116008][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.121636][    C0]  show_trace_log_lvl+0x3d4/0x520
[  253.126672][    C0]  ? __pfx_synchronize_rcu+0x10/0x10
[  253.131956][    C0]  sched_show_task+0x506/0x6d0
[  253.136717][    C0]  ? report_rtnl_holders+0x2a5/0x400
[  253.142000][    C0]  ? __pfx__printk+0x10/0x10
[  253.146586][    C0]  ? __pfx_sched_show_task+0x10/0x10
[  253.151868][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  253.157759][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.164103][    C0]  report_rtnl_holders+0x327/0x400
[  253.169231][    C0]  call_timer_fn+0x18e/0x650
[  253.173821][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.179454][    C0]  ? call_timer_fn+0xc0/0x650
[  253.184132][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.189775][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  253.194887][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.200522][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.206153][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.211784][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.216978][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  253.222177][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.227811][    C0]  __run_timer_base+0x66a/0x8e0
[  253.232669][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  253.238056][    C0]  run_timer_softirq+0xb7/0x170
[  253.242903][    C0]  handle_softirqs+0x2c4/0x970
[  253.247675][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[  253.252444][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  253.257728][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[  253.262928][    C0]  __irq_exit_rcu+0xf4/0x1c0
[  253.267517][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  253.272715][    C0]  irq_exit_rcu+0x9/0x30
[  253.276952][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  253.282581][    C0]  </IRQ>
[  253.285504][    C0]  <TASK>
[  253.288424][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  253.294401][    C0] RIP: 0010:finish_task_switch+0x1ea/0x870
[  253.300199][    C0] Code: c9 50 e8 39 b8 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 e0 b8 5f 0a e8 fb 85 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
[  253.319805][    C0] RSP: 0000:ffffc9000374fca8 EFLAGS: 00000286
[  253.325876][    C0] RAX: 3e1b8c438cf29800 RBX: ffff888029a01e00 RCX: ffffffff94f2f903
[  253.333840][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0ad560 RDI: ffffffff8c607c40
[  253.341803][    C0] RBP: ffffc9000374fcf0 R08: ffffffff9017d76f R09: 1ffffffff202faed
[  253.349770][    C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: 1ffff11017247ef3
[  253.357740][    C0] R13: dffffc0000000000 R14: ffff8880b923ea00 R15: ffff8880b923f798
[  253.365713][    C0]  ? finish_task_switch+0x1e5/0x870
[  253.370910][    C0]  __schedule+0x1808/0x4a60
[  253.375421][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  253.381753][    C0]  ? __pfx___schedule+0x10/0x10
[  253.386605][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  253.392585][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  253.398916][    C0]  schedule+0x14b/0x320
[  253.403089][    C0]  irqentry_exit_to_user_mode+0xe7/0x280
[  253.408739][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.414211][    C0] RIP: 0033:0x7fa58de4f44b
[  253.418641][    C0] Code: 83 eb 08 49 8b 04 24 48 8b 0b 31 f6 48 89 dd 4c 89 e7 4c 29 e5 48 89 03 48 89 ea 48 c1 fa 03 e8 9b fa ff ff 48 83 fd 08 7f d5 <48> 83 c4 08 5b 5d 41 5c 41 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48
[  253.438256][    C0] RSP: 002b:00007ffe17ebdc00 EFLAGS: 00000283
[  253.444333][    C0] RAX: 0000000000000078 RBX: 00007fa58d6655c0 RCX: ffffffff81423d45
[  253.452296][    C0] RDX: 0000000000000012 RSI: 00007fa58d665638 RDI: 00007fa58d6655c0
[  253.460259][    C0] RBP: 00007fa58d665550 R08: 00007fa58d6655c0 R09: 00007fa58e0f2000
[  253.468221][    C0] R10: 0000000081cd36d0 R11: 000000000000000d R12: 00007fa58d6655c0
[  253.476184][    C0] R13: 0000000000000012 R14: 00007fa58d601008 R15: ffffffffffffffff
[  253.484155][    C0]  ? fixup_exception+0x85/0x1cc0
[  253.489100][    C0]  </TASK>
[  253.492114][    C0] 
[  253.494433][    C0] The buggy address belongs to the virtual mapping at
[  253.494433][    C0]  [ffffc90000ab0000, ffffc90000ab9000) created by:
[  253.494433][    C0]  copy_process+0x5d1/0x3d90
[  253.512049][    C0] 
[  253.514368][    C0] The buggy address belongs to the physical page:
[  253.520780][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x186cb
[  253.529540][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  253.536654][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  253.545248][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  253.553813][    C0] page dumped because: kasan: bad access detected
[  253.560215][    C0] page_owner tracks the page as allocated
[  253.565916][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 2652945322, free_ts 0
[  253.583266][    C0]  post_alloc_hook+0x1f3/0x230
[  253.588047][    C0]  get_page_from_freelist+0x2e4c/0x2f10
[  253.593584][    C0]  __alloc_pages_noprof+0x256/0x6c0
[  253.598773][    C0]  alloc_pages_mpol_noprof+0x3e8/0x680
[  253.604227][    C0]  __vmalloc_node_range_noprof+0x971/0x1460
[  253.610114][    C0]  dup_task_struct+0x444/0x8c0
[  253.614875][    C0]  copy_process+0x5d1/0x3d90
[  253.619467][    C0]  kernel_clone+0x226/0x8f0
[  253.623972][    C0]  kernel_thread+0x1bc/0x240
[  253.628578][    C0]  kthreadd+0x60d/0x810
[  253.632740][    C0]  ret_from_fork+0x4b/0x80
[  253.637158][    C0]  ret_from_fork_asm+0x1a/0x30
[  253.641920][    C0] page_owner free stack trace missing
[  253.647274][    C0] 
[  253.649589][    C0] Memory state around the buggy address:
[  253.655210][    C0]  ffffc90000ab7400: f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[  253.663261][    C0]  ffffc90000ab7480: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[  253.671311][    C0] >ffffc90000ab7500: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3
[  253.679363][    C0]                                                                 ^
[  253.687329][    C0]  ffffc90000ab7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  253.695378][    C0]  ffffc90000ab7600: f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00
[  253.703422][    C0] ==================================================================
[  253.711507][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  253.718708][    C0] CPU: 0 UID: 0 PID: 7439 Comm: syz.4.407 Not tainted 6.11.0-rc1-next-20240729-syzkaller #0
[  253.728795][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  253.738906][    C0] Call Trace:
[  253.742202][    C0]  <IRQ>
[  253.745062][    C0]  dump_stack_lvl+0x241/0x360
[  253.749771][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.754998][    C0]  ? __pfx__printk+0x10/0x10
[  253.759628][    C0]  ? vscnprintf+0x5d/0x90
[  253.763996][    C0]  panic+0x349/0x870
[  253.767924][    C0]  ? check_panic_on_warn+0x21/0xb0
[  253.773058][    C0]  ? __pfx_panic+0x10/0x10
[  253.777503][    C0]  ? mark_lock+0x9a/0x360
[  253.781861][    C0]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  253.787795][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  253.793715][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.800113][    C0]  ? print_report+0x502/0x550
[  253.804818][    C0]  check_panic_on_warn+0x86/0xb0
[  253.809788][    C0]  ? __show_regs+0xa6/0x610
[  253.814327][    C0]  end_report+0x77/0x160
[  253.818588][    C0]  kasan_report+0x154/0x180
[  253.823106][    C0]  ? show_opcodes+0x148/0x170
[  253.827812][    C0]  ? __show_regs+0xa6/0x610
[  253.832338][    C0]  __show_regs+0xa6/0x610
[  253.836703][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.842361][    C0]  ? wq_watchdog_touch+0xef/0x180
[  253.847426][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.853084][    C0]  show_trace_log_lvl+0x3d4/0x520
[  253.858147][    C0]  ? __pfx_synchronize_rcu+0x10/0x10
[  253.863458][    C0]  sched_show_task+0x506/0x6d0
[  253.868250][    C0]  ? report_rtnl_holders+0x2a5/0x400
[  253.873569][    C0]  ? __pfx__printk+0x10/0x10
[  253.878192][    C0]  ? __pfx_sched_show_task+0x10/0x10
[  253.883521][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  253.889451][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.895819][    C0]  report_rtnl_holders+0x327/0x400
[  253.900961][    C0]  call_timer_fn+0x18e/0x650
[  253.905568][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.911224][    C0]  ? call_timer_fn+0xc0/0x650
[  253.915919][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.921575][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  253.926710][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.932375][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.938046][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.943700][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.948930][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  253.954167][    C0]  ? __pfx_report_rtnl_holders+0x10/0x10
[  253.959826][    C0]  __run_timer_base+0x66a/0x8e0
[  253.964721][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  253.970124][    C0]  run_timer_softirq+0xb7/0x170
[  253.974987][    C0]  handle_softirqs+0x2c4/0x970
[  253.979782][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[  253.984581][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  253.989901][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[  253.995141][    C0]  __irq_exit_rcu+0xf4/0x1c0
[  253.999765][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  254.005003][    C0]  irq_exit_rcu+0x9/0x30
[  254.009275][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  254.014944][    C0]  </IRQ>
[  254.017889][    C0]  <TASK>
[  254.020834][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  254.026845][    C0] RIP: 0010:finish_task_switch+0x1ea/0x870
[  254.032673][    C0] Code: c9 50 e8 39 b8 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 e0 b8 5f 0a e8 fb 85 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
[  254.052304][    C0] RSP: 0000:ffffc9000374fca8 EFLAGS: 00000286
[  254.058423][    C0] RAX: 3e1b8c438cf29800 RBX: ffff888029a01e00 RCX: ffffffff94f2f903
[  254.066419][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0ad560 RDI: ffffffff8c607c40
[  254.074407][    C0] RBP: ffffc9000374fcf0 R08: ffffffff9017d76f R09: 1ffffffff202faed
[  254.082396][    C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: 1ffff11017247ef3
[  254.090385][    C0] R13: dffffc0000000000 R14: ffff8880b923ea00 R15: ffff8880b923f798
[  254.098384][    C0]  ? finish_task_switch+0x1e5/0x870
[  254.103610][    C0]  __schedule+0x1808/0x4a60
[  254.108157][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  254.114506][    C0]  ? __pfx___schedule+0x10/0x10
[  254.119365][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  254.125360][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  254.131698][    C0]  schedule+0x14b/0x320
[  254.135861][    C0]  irqentry_exit_to_user_mode+0xe7/0x280
[  254.141507][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  254.146964][    C0] RIP: 0033:0x7fa58de4f44b
[  254.151379][    C0] Code: 83 eb 08 49 8b 04 24 48 8b 0b 31 f6 48 89 dd 4c 89 e7 4c 29 e5 48 89 03 48 89 ea 48 c1 fa 03 e8 9b fa ff ff 48 83 fd 08 7f d5 <48> 83 c4 08 5b 5d 41 5c 41 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48
[  254.170991][    C0] RSP: 002b:00007ffe17ebdc00 EFLAGS: 00000283
[  254.177068][    C0] RAX: 0000000000000078 RBX: 00007fa58d6655c0 RCX: ffffffff81423d45
[  254.185042][    C0] RDX: 0000000000000012 RSI: 00007fa58d665638 RDI: 00007fa58d6655c0
[  254.193011][    C0] RBP: 00007fa58d665550 R08: 00007fa58d6655c0 R09: 00007fa58e0f2000
[  254.200984][    C0] R10: 0000000081cd36d0 R11: 000000000000000d R12: 00007fa58d6655c0
[  254.208956][    C0] R13: 0000000000000012 R14: 00007fa58d601008 R15: ffffffffffffffff
[  254.216938][    C0]  ? fixup_exception+0x85/0x1cc0
[  254.221888][    C0]  </TASK>
[  254.225251][    C0] Kernel Offset: disabled
[  254.229576][    C0] Rebooting in 86400 seconds..