last executing test programs: 12.864486211s ago: executing program 0 (id=371): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = dup(r2) ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2) 11.675277521s ago: executing program 2 (id=373): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = fanotify_init(0x0, 0x0) readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 11.521092749s ago: executing program 0 (id=375): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1) r3 = syz_genetlink_get_family_id$nbd(0x0, r1) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) 10.82047068s ago: executing program 0 (id=376): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) 10.639604086s ago: executing program 2 (id=378): mq_open(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r2) sendmsg$NFC_CMD_GET_TARGET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r2) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r2) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) 10.341941752s ago: executing program 2 (id=380): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"}) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) 9.547096946s ago: executing program 3 (id=382): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xffffffffffffffff) open(0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x2a08095, &(0x7f00000024c0)=ANY=[], 0x0, 0x2b0, &(0x7f00000017c0)="$eJzs3MFrI1UYAPAvm3Y3XZD0sLIo4o548VTaFe8p0sJqQFGCKB4sbhYlUxc2UEgO2+zJf0LxP9CjBy+CB/HiwX9ABKmCF/cmIow0M8kmu0kTXZJI/f0ueX3v+9775k3oDKW89545bN283b51//5JVJ4txVotavFnxGZciHLkegEAnCd/ZFn8nuVWXQsAsByP9/wvLaIkAGDB5nz+v55/HC+rLABggfz9HwD+f958+51Xd+v1vTeSpBJx+PFR46jR/9woAm7Fh5FGM7ajGn9FFK8KXxWj2f6N+t52cuqXzWgcHhf5x0eN/L8Hdwf5O1GNzWF+/20jy7Jr+zdKeztJbjx/PS4X+T9ejmZcj2pceSS/v/71ifkX44XnR9bfimr88H7cjjRunhY+kn93J0lefq2exFqM5F/qx/VtDLerPLJ1r1x5sracmwQAAAAAAAAAAAAAAAAAAAAAwLmzlQxNPL9na2vaeJ6/O/l8oCzLojI4X2d74vk8a/H02mqvHQAAAAAAAAAAAAAAAAAAAP4r2p1u6yBdz3/opWnzTt4z1vjou8+/mTL0oHHyfe+tWTHdVqlY96yY5TSeeO7nT6bH3CsN9ycuTIkpPdRTi/GYcjHHPyzs62sP9bxbnmOeUm/SUOU07UFPpdj92WWUZ5T67ckHT73YvvrS5JhyPM7d2fh393T9rK/Wb9W4VIyPD92bOmGx6zFr9S9W+jUeXPXM4Kuf1g6+vPvTr/POvOBfPAAAAAAAAAAAAAAAAAAAwCPanW6rsuoiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDF2p1u6yBNmxej0/0s0rR5Z9BzZmN/jphhY9XXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfwcAAP//27d+8A==") getpid() r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)='5', 0xfdef}], 0x1) writev(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f00000001c0)="f3", 0x1}], 0x1) dup3(r3, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x301}, 0x14}}, 0x0) 7.418528235s ago: executing program 3 (id=385): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = dup(r2) ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2) 7.261427356s ago: executing program 4 (id=386): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) 6.997595802s ago: executing program 4 (id=387): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x0, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x26e1, 0x0) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500), &(0x7f0000001400), 0x1006, r1}, 0x38) 6.991971501s ago: executing program 3 (id=388): sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14}, 0x14}}, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3") ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000480)={&(0x7f00000000c0)=""/112, 0x70}) 6.738018794s ago: executing program 3 (id=389): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = fanotify_init(0x0, 0x0) readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 6.511847465s ago: executing program 4 (id=390): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x6) writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2) 6.386294109s ago: executing program 0 (id=391): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',max_read=0x0']) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 6.20642105s ago: executing program 4 (id=392): syz_mount_image$jfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x210004, &(0x7f00000003c0)=ANY=[@ANYBLOB='usrquota,errors=continue,nodiscard,uid=', @ANYRESHEX=0x0, @ANYBLOB=',quota,iocharset=iso8859-9,usrquota,usrquota,gid=', @ANYRESHEX=0x0, @ANYBLOB="170069ecc37729febff5915fd3d800daf1fe547bc0f9457a2b2edc04b9eb4745c49b6e47107e7d01efed603ebb468b0d26081843497e16d50714d853ae7b0b93ace02241330e6bbb3e8aba2688e3bf25b261ca1ffa61a7777f3bc2f471f9ba4c0b435921e32b595a7bf1f9ec58a368b657056dbe56650770985d6636efa46b2d69d4cdbff4167eb5b8e45b2989d078d2e9ed625bf9183b6cfed11a2d0c2db272da9d8278a4000000000000000000000000670e0ecce384b440b5b4aa47ac1215fb8f5824be26ded840085b10b87f83053a6ec123c9b9bc4855aa103b69cad5793ab93e9892779366d2c89d038edd21443a91705e56704204d86104c270745681eb7bd414b4ff6ba5f6f672f5dcff3da3b2d4742f4e39825df3e9e1"], 0x3, 0x62b5, &(0x7f00000069c0)="$eJzs3UuPHFfZB/Cn+jYXv3GsLKK8FkKTxFxCiK/BGAIkWcCCDQvkLbI1mUQWDiDbICey8ESzYcGHACGxRIglKz5AFmzZ8QGwZCOBskqhmjlnXNPpdo/Hma4en99Pmql6+lRNn/K/qy+uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Djc1VEXPlVuuFExP9FP6IXsdLUaxGxsnYiLz+IiBdiuzmej4jhUkSz/vavZyNej4iPj0fcf3Bnvbn5/D778f0//+MPPzn2o7//aXjmv3+51X9j2nK3b//2P3+9+2TbDAAAAKWp67qu0sf8k+nzfa/rTgEAc5Ff/+sk365euHpzwfqjVqvV6iNYt9WT3W0XEbHZXqd5z+BwPAAcMZvxSdddoEPyL9ogIo513QlgoVVdd4BDcf/BnfUq5Vu1Xw/WdtrzuSB78t+sdq/vmDadZfwck3k9vraiH89N6c/KnPqwSHL+vfH8r+y0j9Jyh53/vEzLf7Rz6VNxcv798fzHpPyXt38f6fx7E/MvVc5/sL/8d2z25Q8AAAAAAAss////iY6P/y4dpPMHOIjwqOO/awfpAwAAAAAAAAAsgCcd/2+X8f8AAABgYTWf1Ru/O/7wtmnfxdbcfrmKeGZseaAw6WKZ1a77AQAAAAAAAAAAAAAlGeycw3u5ihhGxDOrq3VdNz9t4/XjetL1j7rStx9K1vWTPAAA7Pj4+Ni1/FXEckRcTt/1N1xdXa3r5ZXVerVeWcrvZ0dLy/VK63Ntnja3LY328YZ4MKqbP7bcWq9t1uflWe3jf6+5r1Hd30fH5qPDwAEgInZeje57RXrK1PWz0fW7HI4G+//Tx/7PfnT9OAUAAAAOX13XdZW+zvtkOubf67pTAMBc5Nf/8eMCarVarVarn766rZ7sbruIiM32Os17BsPxA8ARsxmfdN0FOiT/og0i4oWuOwEstKrrDnAo7j+4s16lfKv260Ea3z2fC7In/81qe728/qTpLOPnmMzr8bUV/XhuSn+en1MfFknOvzee/5Wd9lFa7qD5T8u1q3OMpuXfbOeJDvrTtZx/fzz/MYe9/8/LVvQm5l+qnP/gsfLvyx8AAAAAABZY/v//Ewt1/Hd00M2Z6VHHf9cO7V4BAAAAAAAA4HDdf3BnPV/3mo//f2HCcq7/fDrl/Cv5Fynn3xvL/6tjy/Vb8/fefpj/vx/cWf/jrX/9f57uN/+lPFOlR1aVHhFVuqdqkKZPsnWftTXsj5p7Gla9fnMPa7t//3psxNk9y/bSv0c9fDeubbef29Pe9HS43V73d9rP72kf7Lbn9S/saR+mM53qldx+Otbj53E93tlub9qWZmz/8oz2ekZ7zr9v/y9Szn/Q+mnyX03t1di0ce+j3mf2+/Z00v28de2Lvzl7+Jsz01b0d7etrdm+lzroz/a/ybFR/PLmxo3Tt6/eunXjXKTJnlvPR5p8znL+w/Sz+/z/8k57ft5v76/3Pho9dv6LYisGU/N/uTXfbO8rc+5bF3L+o/ST838ntU/e/49y/tP3/1c76A8AAAAAAAAAAAAAAAA8Sl3X25eIvhURF9P1P11dmwkAzFd+/a+TfPu86v6c70+tPuJ1tWD9mWv9ab1Y/VGrj2LdVk/2ZruIiL+112neM/x60h8DABbZpxHxz647QWfkX7D8fX/N9NSeb/kFnnY3P/jwp1evX9+4cbPrngAAAAAAAAAAB5XH/1xrjf98qq7ru2PL7Rn/9e1Ye9LxPwd5ZneA0SkDVX/OpyRt9Ub9Xmu48RejPT53e4Ti4e7co8b/Hsy4v+GM9tGM9qUZ7csz2ide6NGS83+xNd75qYg4OTb8egnjv46PeV+CnP9Lrcdzk/9XxpZr51///ijn39uT/5lb7//izM0PPnzt2vtX39t4b+NnF86dO3vh4sVLly6deffa9Y2zO7877PHhyvnnsa9z/pQh558zl39Zcv5fSrX8y5Lz/3Kq5V+WnH9+vyf/suT882cf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv6nUy3/suT8z6R6n/mvHHa/mI+cfz7CZf8vS84/n9kg/7Lk/M+nWv5lyflfSLX8y5Lzfz3V8i9Lzv8bqZZ/WXL+F1Mt/7Lk/L+ZavmXJed/KdXyL0vO/1upln9Zcv7fTrX8y5LzfyPV8i9Lzv87qZZ/WXL+3021/MuS8/9equVflpz/m6mWf1kefv//os7kS+wXpT9mzJQw0/UzEwAAAAAAAAAAAAAwbh6nE3e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhb27jZHjru8APvfoswOJgZA6qSEXx4SQOLmznfiBNsWEx4anEgiFPmC7vrM5cGzHZ5dAI9lRoETCqAjRNrxoCwi1kaoKq+IFrQDlBWpVqRK0L+gbRIWK1KgKKCBVaivIVTvz//9vd29u9863d96d+Xwk++fbnZ35z+x/5/Z35+8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS75Q2znxrKsqzxJ/9ra5a9qPHvzZNb89tee7VHCAAAAKzVL/K/n78u3XBoBQ9qWuYfX/mdry0sLCxk7x/547HPLyykOyazbGxTluX3RZd/+IGh5mWCJ7KJoeGmr4e7bH6ky/2jXe4f63L/eJf7N3W5f6LL/UsOwBKbi5/H5Cvbmf9za3FIs+uzsfy+nSWPemJo0/Bw/FlObih/zMLY8WwuO5nNZtMtyxfLDuXLf+OWxrbemsVtDTdta3tjhvz0sWNxDEPhGO9s2dbiOqMfvz6b/NlPHzv2l+eeu7Gsdj0MLesrxnn7jsY4PxFuKcY6lG1KxySOc7hpnNtLnpORlnEO5Y9r/Lt9nM+vcJwji8PcUO3P+UQ2nP/7u/lxGm3+sV46TtvDbf9za5ZlFxeH3b7Mkm1lw9mWlluGF5+fiWJGNtbRmEovzUZXNU9vWcE8bdSZna3ztP01EZ//W8LjRpcZQ/PT9OPHx5ue958vXMk8jRp7vdxrpX0O9vq10i9zMM6L7+Y7/WTpHNwZ9v+x25afg6Vzp2QOpv1umoM7us3B4fGRfMzpSRjKH7M4B3e3LD+Sb2kor8/e1nkOTp17+MzU/Mc+ftfcw0dPzJ6YPbV39+7pvfv2HThwYOr43MnZ6eLvKzza/W9LNpxeAzvCsYuvgVe3Lds8VRe+NL7k/Hulr8OJDq/DrW3L9vp1ONq+c0Mb84JcOqeL18Z7Gwd94tJwtsxrLH9+7lj76zDtd9PrcLTpdVj6PaXkdTi6gtdhY5kzd6zsPcto05+yMSz/vWBtc3Br0xxsfz/SPgd7/X6kX+bgRJgX379j+e8F28N4n9y12vcjI0vmYNrdcO5p3JLe708cyEvZvLypccc149n5+dmzdz969Ny5s7uzUDbEy5rmSvt83dK0T9mS+Tq86vl6aO6VT95UcvvWcKwm7mr8NbHsc9VY5p67Oz9X+Xe38uPZcuueLJQe2+jjWfbdvHE8x7PsC99+/MFvPvaFNyx7PBv95iem1v5ePPWlTeffsWXOv7Hvf6HYXlrVEyNjo8XrdyQdnbGW83HrUzWan7uG8m0/P7Wy8/FY+LPR5+PrO5yPt7Ut2+vz8Vj7zsXz8VC3n3asTfvzORHmycnpzufjxjLb9qx2To52PB/fGupQOP6vCZ1C6oua5s5y8zZta3R0LOzXaNxC6zzd27L8WOjNGtt6es+VzdPbby3WNZL2btFGzdPJtmV7PU/Tz76Wm6dD3X76dmXan8+JMC+u39t5njaWeeaetZ87N8d/Np07x7vNwbGR8caYx9IkzM/32cLmOAfvzo5lp7OT2Ux+73g+n4bybe26d2VzcDz82ehz5bYOc/D2tmV7PQfT97Hl5t7Q6NKd74H253MizIun7u08BxvLvHF/b9+73h5uScs0vXdt//nacj/zuqntMK3XXBkN4/z2/s4/m20sc/LAavvMzsfpznDLNSXHqf31u9xraibbmOO0LYzzuQPLH6fGeBrLfP7gCufToSzLLjxyf/7z3vD7lb89/72vtfzepex3Ohceuf8nLz7+D6sZPwCD74WibCm+1zX9Zmolv/8HAAAABkLs+4dDTfT/AAAAUBmx74//KzzR/wMAAEBlxL5/NNSkJv3/tjc+N/fChSwl8xeCeH86DA8Uy8WM63T4enJhUeP2+78y+99/f2Fl2x7OsuznD/xB6fLbHojjKkyGcV5+U+vtS3ztrhVt+8hDF9J2m/PrXwzrj/uz0mlQFsGdzrLsG9d9Jt/O5Acu5fWZB47k9cGLTz7RWOb5g8XX8fHPvqxY/s9C+PfQ8aMtj382HIcfhTr9tvLjER/31Uuv2b7/fYvbi48b2nFtvttPfbBYb/ycnM8+USwfj/Ny4//mp5/+amP5R19VPv4Lw+Xjfzqs9yuh/u8riuWbn4PG1/Fxnwzjb2yvMUPj4+7+8rdKx3/5U8XyZ95cLHck1Lj928PXO9/83Fzz8Xp06GjLfmVvKZaL25/+3h/l98f1xfW3j3/i8KWW49E+P57512I9U23Lx9vjdqK/a9t+Yz3N8zNu/+k/PNJynLtt//KDz76isd727d/ZttyZR+7It7+4vtZPbPrzT36mdHtxPIf+5kzL/hx6d3gdh+0/9cEwH8P9/3e5WF/7pysceXfr+Scu/8WtF1r2J3rrz4rtX37dibxumti85ZoXvfjaizc3jl2WfXdTsb5u2z/xF6dbxv+lG4rjEe+PGf327S8nbv/sR3edOj1/fm4mHdXHrss/O+ftxXjieK8L59b2rw+fPveh2bOT05PTWTZZ3Y/Qu2JfDvUnRbnYeemFJWfQOx4Kz+dNf/qNLbf9y6fj7f/23uL2S28rvm+9Oiz32XD71vD8rW77Sz11yw3563vomTDChaWfF7wW23f+14EVLRj2v/19QZzvZ17+ofw4NO7Lv2/E1/Uax/+DmWI9Xw/HdSF8MvOOGxa317x8/GyES+8pXu9rPn7hNBef178Kz/c7flSsP44r7u8PwvuYb21rPd/F+fH1C8Pt688/xeNiOJ9kF4v741LxeF96/obS4cXPIcku3ph//bm0nhtXtZvLmf/Y/NTJuVPnH506Nzt/bmr+Yx8//PDp86fOHc4/y/Pwh7s9fvH8tCU/P83M7rsny89Wp4uyzq72+M88dGxm//RtM7PHj54/fu6hM7NnTxybnz82OzN/29Hjx2c/2u3xczP37d5zcO/+PbtOzM3cd+Dgwb0Hd82dOt0YRjGoLvZNf2TXqbOH84fM33fPwd333nvP9K6HT8/M3rd/enrX+W6Pz7837Wo8+vd3nZ09efTc3MOzu+bnPj573+6D+/bt6fppgA+fOT4/OXX2/Kmp8/OzZ6eKfZk8l9/c+N7X7fFU0/y/F+9n2w0VH8SXvevOfenzWRu+8viyqyoWafsA0efCZ9H800vOHFjJ17HvHws1qUn/DwAAAHUQ+/7xUBP9PwAAAFRG7Ps3hZro/wEAAKAyYt8/EWpSk/6/cvn/bRdWtH35/8HL/2fy//L/bftzxfn/9/Rb/r84X8j/98Za8/fy/4H8v/y//L/8v/w/PdBv+f/Y92/Oslr2/wAAAFAHse/fEmqi/wcAAIDKiH3/NaEm+n8AAACojNj3vyjUpCb9v/y//L/8v/y//H/59leR/9+UrYD8/8aQ/++s5vn/4a4DkP+fyuqV/7/Yy/HXN/9f9FDy/5Tpt/x/7PtfHGpSk/4fAAAAKuU/y2+Off+1oSb6fwAAAKiM2PdfF2qi/wcAAIDKiH3/1lCTmvT/8v/y//L/8v/y/+Xbd/3/wST/31nN8//dyf+7/r/8v+v/01P9lv+Pff9LQk1q0v8DAABAHcS+/6WhJvp/AAAA6D+jV/aw2Pe/LNRkSf9/hRsAAAAArrrY91+ftQXBa/L7f/l/+X/5f/l/+f/y7a88/z+Syf/3D/n/zuT/u5D/l/+X/5f/p6f6Lf+f9/3ZRPbyUJOa9P8AAABQB7HvvyHURP8PAAAAlRH7/l8KNdH/AwAAQGXEvn9bqElN+n/5/0rm/xtPk/y//P+y269A/j8/WfdP/n9dr/8/GwKb8v8rJP/fmfx/F/L/8v/y//L/9FS/5f9j339jqElN+n8AAACog9j33xRqov8HAACAyoh9/y+Hmuj/AQAAoDJi37891KQm/b/8f5/n/2Ny1PX/5f8X8/+PyP8XapL/d/3/VZL/70z+vwv5f/l/+X/5f3qq3/L/se9/RahJTfp/AAAAqIPY978y1ET/DwAAAJUR+/6bQ030/wAAAFAZse+fDDWpSf8v/9/n+f8ru/6//H+18/+ruv7/zfL/8v81I//fmfx/F/L/8v/y//L/9FS/5f9j339LqElN+n8AAACog9j37wg10f8DAABAZcS+/9ZQE/0/AAAAVEbs+3eGmtSk/5f/l/+X/692/r9s+/L/8v9VJv/fmfx/F/L/8v/y//L/9FS/5f9j3/+qUJOa9P8AAABQB7Hvvy3URP8PAAAAlRH7/leHmuj/AQAAoDJi3397qElN+n/5f/l/+X/5/5rn/y/I/1eL/H9n8v9dyP/3Ij//Dvl/+X/5f6J+y//Hvv81oSY16f8BAACgDmLff0eoif4fAAAAKiP2/XeGmuj/AQAAoDJi378r1KQm/b/8v/y//L/8f83z/67/XzF9kP+fWMv25f/l/yuQ/3f9f/l/+X+Sq5X/z7Ly/H/s++8KNalJ/w8AAAB1EPv+u0NN9P8AAAAwgDaX3hr7/qlQE/0/AAAAVEbs+6dDTWrS/8v/y//L/9c6/39x1fn/mxfXK/9fkP/vL+uW/x/OXP9f/l/+v4tBy/+3/3awP/L/Y/L/VMoV5f+/Wrqqnlz/P/b9u0NNatL/AwAAQB3Evn9PqIn+HwAAACoj9v17Q030/wAAAFAZse+/J9SkJv2//P/G5f9HM/l/+f++y/+7/r/8f+X0wfX/17T9wcv/x12U/5f/H7z8f6/H7/r/8v8sdUX5/3I9yf/Hvv/eUJOa9P8AAABQB7Hv3xdqov8HAACAyoh9//5QE/0/AAAAVEbs+w+EmtSk/5f/d/1/+X/5f/n/8u3L/w8m+f/OXP+/C/l/+X/5f/l/eqrf8v+x7z8YalKT/h8AAADqIPb9rw010f8DAABAZcS+/1dCTfT/AAAAUBmx7//VUJOa9P/y//L/8v/y//L/5duX/x9M8v+dyf93If8v/y//L/9PT/Vb/j/2/feFmtSk/wcAAIA6iH3/r4Wa6P8BAACgMmLf/7pQE/0/AAAAVEbs+w+FmtSk/5f/X2H+f3Pn9cn/t45f/r98fsj/y//L/68/+f/O5P+7kP+X/69g/v9x+X+uon7L/8e+//WhJjXp/wEAAKAOYt9/f6iJ/h8AAAAqI/b9bwg10f8DAABAZcS+/42hJjXp/+X/Xf9f/l/+X/6/fPvy/4NJ/r8z+f8u5P/l/yuY/9+A6/+Phyr/zxIrzf/H91Xrnf+Pff+bQk1q0v8DAABAHcS+/82hJvp/AAAAqIzY978l1ET/DwAAAJUR+/63hprUpP+X/5f/l/+X/5f/L9++/P9gkv/vTP6/C/l/+f8Byf9/r+TxVzH/n3P9f8r02/X/Y9//66EmNen/AQAAoA5i3/9AqIn+HwAAACoj9v1vCzXR/wMAAEBlxL7/7aEmNen/e5f/H5f/byP/L//fPj/k/+X/5f/Xn/x/ZwOW///FteF2+f+C/P86jX/yc8WBH6D8f5nS/P8Pl8v/L2xqf7z8P+uh3/L/se9/R6hJTfp/AAAAqIPY978z1ET/DwAAAJUR+/53hZro/wEAAGDwLRTxgdj3/0aoSU36f9f/b4xjMb28zvn/v5b/l/+X/5f/l/9fX/L/nQ1Y/t/1/9vI//f3+Psy/+/6/1xl/Zb/j33/u0NNatL/AwAAQB3Evv/BUBP9PwAAAFRG7PvfE2qi/wcAAIDKiH3/e0NNatL/y/+7/r/8/4Dn/yezLJP/l/8nkf/vTP6/C/l/+f9+y///h/w/g63f8v+x738o1KQm/T8AAADUQez73xdqov8HAACAyoh9/2+Gmuj/AQAAoDJi3//+UJOa9P/y/4OS/5+U/5f/d/3/tv2R/5f/LyP/39nG5/9X94ZK/l/+f5DH7/r/8v8s1W/5/9j3fyDUZOXfriZWvCQAAABwVcS+/7dCTWry+38AAACog9j3/3aoif4fAAAAKiP2/b8TalKT/l/+f1Dy/67/n8n/y/+37Y/8v/x/mY3L/8czj/y/6//L/0fy//L/8v+067f8f+z7fzfUpCb9PwAAANRB7Ps/GGqi/wcAAICBUPZ/stvFvv9wqEn3/n/V/6cPAAAAuDpi338k1KQmv/+X/5f/l//v0/z/n+z45+9/551Hdsv/y//L/6/Khl7/v/Hid/1/+X/5/0T+X/6/NP+/Sf6/ztYh/z/WfONq8/+x7z8aalKT/h8AAADqIPb9vxdqov8HAACAyoh9/7FQE/0/AAAAVEbs+2dCTWrS/8v/y//L//dp/n+V1/8fCtvph/x/PB7y/616lv+PJ135/1Ibmv9/32JOXP5/tfn/8dJb5f9XnP/P37jJ//fX+OX/Xf+fpXqV/x9ZzP+3WG3+P/b9s6EmNen/AQAAoA5C3z98vKiLd+j/AQAAoDJi338i1ET/DwAAAJUR+/4PhZrUpP+X/5f/l/+vRv7f9f8Xl698/t/1/zuS/++sf/L/5eT/Xf9/kMcv/y//z1LrcP3/FqvN/8e+fy7UpCb9PwAAANRB7Ps/HGqi/wcAAIDKiH3/R0JN9P8AAABQGbHvPxlq8v/s3dmT5fVZx/HT2FPMFBeWVVZ54YXcW/4FXMC1/gFeeOONVZRV4gLuC4P7ivuGC7ivuIAibriCCmpCQvaQlSRkTwhJCElqUsw8zzOnu0//Tvf06enf+T6v10UeGTM5nXGcySfDu75N9r/+X/+v/9f/6/9Xf/7l/n/36r+u/n876P+n6f/X0P/r//X/+n82am79f+7+b4pbmux/AAAA6CB3/x1xi/0PAAAAw8jd/81xi/0PAAAAw8jd/y1xS5P9r//X/w/b/9+q/z/s8/X/3v8fmf5/mv5/jS3q/7/0vP5/bl+//l//z0Fz6/9z939r3NJk/wMAAEAHufu/LW6x/wEAAGAYufvvjFvsfwAAABhG7v674pYm+39f/7+z6Nn/Z8ar/x+p//f+/6Gfr//X/4/s+vb/97zyK5/+X//v/f+g/9f/6//Zb279f+7+b49bmux/AAAA6CB3/3fELfY/AAAADCN3/3fGLfY/AAAADCN3/3fFLU32/8ne/98dpf8vG+j/d7JF1//r//f//ND/6//1/6fP+//TOvX/dz5z0x0vPPLljx7n8/X/+n/9v/6fzZpb/5+7/7vjlib7HwAAADrI3f89cYv9DwAAAMPI3f+9cYv9DwAAAEN4/qsWtfu/L25psv9P1v8P8/5/8f6//v/yN+j/9f/6/62l/5/Wqf+/ls/X/+v/r+Hrr98G9f/6fw6aW/+fu//745Ym+x8AAAA6yN3/A3GL/Q8AAADDyN1/d9xi/wMAAMAwcvdfjFua7H/9/+n3/5/X/299/39uof+/Qv+v/58//f80/f8a+n/9v/f/9f9s1Nz6/9z998QtTfY/AAAAdJC7/wfjFvsfAAAAhpG7/4fiFvsfAAAAhpG7/4fjlib7X//v/X/9v/f/9f+rP1//v530/9P0/2vo/0/az5/T/+v/9f8sO2b///LEL9sb6f9z9/9I3NJk/wMAAEAHuft/NG6x/wEAAGAYuft/LG6x/wEAAGAYuft/PG5psv/1//p//b/+X/+/+vP1/9tJ/z9tNv3/zu7Kb9b/b33/7/1//b/+nz3m9v5/7v6fiFua7H8AAADoIHf/T8Yt9j8AAAAMI3f/T8Ut9j8AAAAMI3f/T8ctTfa//l//r//X/+v/V3/+VP//6NLXp/+fl432/zv6f+//6//1//p//T8nMbf+P3f/z8QtTfY/AAAAdJC7/964xf4HAACAYeTu/9m4ZWn/7/97UQEAAIDtkrv/5+KWJn/+v7r/v/q/1/8fzXXq/3f1//r/K//3vvKvqP+f7P9v8/5/T97/n7a+/89fUfX/+n/9/0b6/8XOKP3/hXXfX//PKnPr/3P3/3zc0mT/AwAAQAe5+38hbrH/AQAAYBi5+38xbrH/AQAAYBi5+38pbmmy/73/v1X9v/f/e/X/D5zz/v9lc3z/f3Hd+/9d/f8R6f+nef9/Df2//t/7/97/Z6Pm1v/n7v/luKXJ/gcAAIAOcvf/Stxi/wMAAMB2WP57Bw55xD93/6/GLfY/AAAADCN3/6/FLU32/+D9/62H/dP0//r/5R+vmfb/h77/r/+/olf/7/3/o9L/T9P/r6H/P41+fnew/v/+w77/HPr/u/X/zMye/v+xq99+Vv1/7v5fj1ua7H8AAADoIHf/fXGL/Q8AAADDyN3/G3GL/Q8AAADDyN3/m3FLk/1/6v3/hcM/2/v/+n/9v/5f/6//3zT9/zT9/xr7+/9X/qOh/t/7/97/1/9zzfb0/0vOqv/P3f9bcUuT/Q8AAAAd5O7/7bjF/gcAAIBh5O6/P26x/wEAAGAYufsfiFua7P/B3/8/lP5f/7/846X/1/+v+nz9/3bS/0/T/6/h/X/9/1n0//ETQP/PiObW/+fu/524pcn+BwAAgA5y9/9u3GL/AwAAwDBy9/9e3GL/AwAAwDBy9/9+3NJk/+v/T7f/z2/X/+v/F/p//b/+/7po2//vrPqd6KBD+v+nbr/4NXu/Rf+v/x+y/3/uVL9+7//r/zloFv3/pav/6TJ3/x/ELU32PwAAAHSQu/8P4xb7HwAAAIaRu/+P4hb7HwAAAIaRu/+P45Ym+3+p/8/kQv/v/X/9v/5f/6//31pt+/8j8v7/tJfi36/+f9T+/3S/fv2//p+DZtH/L/117v4/iVua7H8AAADoIHf/n8Yt9j8AAAAMI3f/n8Ut9j8AAAAMI3f/n8ctTfa/9/979P83LvT/+n/9v/6/B/3/NP3/Gt7/1//r//X/bNTc+v/c/Q/GLU32PwAAAHSQu/8v4hb7HwAAAIaRu/8v4xb7HwAAAIaRu/+v4pYm+1//f0j/vxir//f+v/5/of/X/zeh/5921v3/qt8vl12X/v+hiS9gVf9/6Ub9/5b3/+eP+P31//p/Nm9u/X/u/r+OW5rsfwAAAOggd/9DcYv9DwAAAMPI3f9w3GL/AwAAwDBy9/9N3NJk/+v/e7z/r//X/y/0//r/JvT/01b3/zcc/Cbv/3v/f6D+3/v/+n/Oztz6/9z9fxu3NNn/AAAA0EHu/kfiFvsfAAAAhpG7/+/iFvsfAAAAhpG7/9G4pcn+1//r//X/+n/9/+rP1/9vp9Pr/xcD9/8r6P/1//p//b/+nw2YW/+fu//v45Ym+x8AAAA6yN3/D3GL/Q8AAADDyN3/j3GL/Q8AAADDyN3/T3FLk/1/Vv3/bfp//b/+X/+v/68fVf3/5nj/f5r+fw39v/5f/6//Z6Pm1v/n7v/nuKXJ/gcAAIAOcvc/FrfY/wAAADCM3P3/ErfY/wAAADCM3P3/Grc02f/e/9f/7+3/F4uZ9//5/6T6f/3/CP3/+YX+f+P0/9P0/2vo/8fs/29YDNT/Xzj0++v/maO59f+5+/8tbmmy/wEAAKCD3P3/HrfY/wAAADCM3P3/EbfY/wAAADCM3P3/Gbc02f/6f/2/9//H6f8ff3H1z0f9/2z7//pR1f9vjv5/mv5/Df3/mP2/9//1/5yZufX/ufsfj1ua7H8AAADoIHf/E/v/DNX+BwAAgGE8cfkfzy/+K26x/wEAAGAYufv/O25psv/1//p//f84/b/3/6/Q//d2Rv3/zqY+X/+v/9f/b+/Xr//X/3PQ3Pr/3P3/E7c02f8AAADQQe7+J+MW+x8AAACGkbv/qbjF/gcAAIBh5O7/37ilyf7X/+v/9f/b2f+f1/8P3//nV6b/P565vP9/yy1f/bT+X/+v/9f/6//1/93Nrf/P3f9/cUuT/Q8AAAAd5O7//7jF/gcAAIBh5O5/Vdxi/wMAAMAwcve/Om5psv8P9v/nFlcK1StW9f/RqOn/l+j/9379+v/VPz+8/6//9/7/6ZtL/+/9/2v7+ufW/9+l/9f/n1b/f/PB76//Z0Rz6/9z9z8dtzTZ/wAAANBB7v7XxC32PwAAAMzYqr8T+3C5+18bt9j/AAAAMIzc/c/ELU32v/f/9f/6f/2//n/156/r/5P+f170/9P0/2t4/1//3+j9//j9r36dqv7/i/T/bM7c+v/c/a+LW5rsfwAAAOggd//r4xb7HwAAAIaRu/8NcYv9DwAAAMPI3f/GuKXJ/tf/b7T/313+Nv2//n/fzw/9/2D9v/f/50n/P03/v4b+X//fqP/fz/v/nIa59f+5+98UtzTZ/wAAANBB7v43xy1H2v8XTumrAgAAADYpd/9b4hZ//g8AAADDyN3/1rilyf6fa/9/93b2/3vo/+fS/3+9/n/f5+v/9f8j0//n7+ir6f/X0P8ft59/afkv9P/6f/0/+82t/8/d/2zc0mT/AwAAQAe5+98Wt9j/AAAAMIzc/W+PW+x/AAAAGEbu/nfELU32/1z7/y19/3+POfb/O4uO/b/3/y//9c6O/l//34L+f5r+f43N9v/3NOj/99D/6//1/+w3t/4/d/8745Ym+x8AAAC21dd+5Tc+e9R/bu7+d8Ut9j8AAAAMI3f/u+MW+x8AAACGkbv/ubilyf7X//fq/3u+/6//9/6//r8T/f80/f8a3v/X/+v/9f9s1Nz6/9z974lblobf7rH/XQIAAABzkrv/vXFLkz//BwAAgA5y978vbjmw/y8d8e9qBwAAAOYmd//zcUuTP/8/cf+/2NH/n2b/v9D/6//1//p//f9x6P+nnbD/v7Sj/9f/T9D/6//1/yy7MMP+P3f/++OWJvsfAAAABrXnv1HI3f+BuMX+BwAAgGHk7v9g3GL/AwAAwDBy938obmmy/73/P/P+/5re/79Q/5P+v3n/f+/5lZ+v/9f/j0z/f6gvidvp/f9LX6z/P5az7ue3/evX/+v/OWhu/X/u/g/HLU32PwAAAHSQu/8jcYv9DwAAAMPI3f/RuMX+BwAAgGHk7v9Y3NJk/+v/R+z/vf+v/5/+/HH6/y+76eKTX/cNDz+o/+eq69n/58+FLen/Lzvh+//b1v8f5/Pvu/yP+n/9v/7/2P3/zXH1/6wyt/4/d//H45Ym+x8AAAA6yN3/Qtxi/wMAAMAwcvd/Im6x/wEAAGAYuftfjFua7P+t6v+/Qv8/cv+fP9Zn0P9f3L7+P5vi7v2/9//1/wd5/3+a/n8N/b/+X//v/X82am79f+7+T8YtTfY/AAAAdJC7/1Nxi/0PAAAAw8jd/+m4xf4HAACAYeTufyluabL/t6r/9/7/0P1/upb+Pz/f+//6/4X+vz39/5Ldg9+k/19D/6//1//r/9moufX/ufs/E7c02f8AAADQQe7+l+MW+x8AAACGkbv/s3GL/Q8AAADDyN3/ubilyf7X/+v/R+j/T/j+/9n0/6/8cqP/1//r/zdO/z9N/7+G/l//377/v13/z0bNrf/P3f+FAAAA//9/pV3V") prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 6.098439647s ago: executing program 0 (id=393): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"}) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) 5.754888826s ago: executing program 2 (id=394): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x49, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001005031490100aa444df1d52495382b940000000000000a01010000000000000000010000000900010073797a300000000048000000030a01010000000000000000010000000900010073797a30000000000900030073797a3100000000080007006e617400140004800800014000000000080701000000000000000000020a030600000000000000000007000014000000000000000000"], 0xa4}}, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}}) io_uring_enter(r1, 0x5b43, 0x0, 0x0, 0x0, 0x0) 5.656884973s ago: executing program 3 (id=395): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000c40), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$TCFLSH(r0, 0x8925, 0x20001100) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143041, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r1 = inotify_init1(0x0) fcntl$getownex(r1, 0x10, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0x40086610, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0xf6, &(0x7f0000001000)=""/246, 0x41100, 0x11, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000b00)={0x8}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4b1}, 0x90) ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x15, 0x3, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xc}, 0x8}, 0x90) 5.024442735s ago: executing program 1 (id=398): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = dup(r2) ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2) 4.927642613s ago: executing program 1 (id=399): creat(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, 0x0) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000300)=ANY=[@ANYBLOB="d0000000080211000000080211000001ffffffffffff0000030000000000000000d8aae09a2ac0054ecc14f00a16a0cac2207b63f71fc3d345c4f51147a94e2c8b9d43985263fef7478d9ef262af9897a56a9e07868661"], 0x21) socket(0x18, 0x0, 0x0) connect$llc(r3, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x10) sendto$llc(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x200048e0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000100)={'ip6gre0\x00', 0x4e}) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x0, [0x2]}) 4.727635419s ago: executing program 2 (id=400): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x0, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x26e1, 0x0) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500), &(0x7f0000001400), 0x1006, r1}, 0x38) 3.480313852s ago: executing program 3 (id=401): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) 3.002454631s ago: executing program 4 (id=402): creat(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, 0x0) syz_80211_inject_frame(&(0x7f0000000040), &(0x7f0000000300)=ANY=[@ANYBLOB="d0000000080211000000080211000001ffffffffffff0000030000000000000000d8aae09a2ac0054ecc14f00a16a0cac2207b63f71fc3d345c4f51147a94e2c8b9d43985263fef7478d9ef262af9897a56a9e07868661"], 0x21) socket(0x18, 0x0, 0x0) connect$llc(r3, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x10) sendto$llc(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x200048e0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000100)={'ip6gre0\x00', 0x4e}) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x0, [0x2]}) 2.892717295s ago: executing program 1 (id=403): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x6) writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2) 2.86723594s ago: executing program 2 (id=404): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$HIDIOCGSTRING(0xffffffffffffffff, 0x81044804, &(0x7f0000000900)={0x7b, "f476e5039341860673224631133405f2692479708e63e65ef34de87a21e6af61af77e798b12f18650095260d7b31c61c00ce57e30e09c3d5f65a58af7f65b95e0ee6500085c41b48f511e82be2f26ae26ea0a3c6403fb1e33a3b91c016a9e1f32de266bc171d65b39ab083705a8c970126964db5f3ba33186d46eb"}) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fanotify_init(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000800009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup(0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010401010000000000000000000000000a0002"], 0x20}}, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x25) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x40, 0x3a, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="9dfa5f8a"]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}, @typed={0x14, 0x5, 0x0, 0x0, @ipv6=@private1}]}, 0x40}}, 0x0) 2.799737523s ago: executing program 1 (id=405): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = fanotify_init(0x0, 0x0) readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000480)=""/4096, 0x34}], 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x45830800000}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 1.076017964s ago: executing program 0 (id=406): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',max_read=0x0']) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 1.071983671s ago: executing program 4 (id=407): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x1) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x4000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000380)=0x10) 591.117305ms ago: executing program 1 (id=408): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r1) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) 0s ago: executing program 1 (id=409): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3) r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f00000006c0)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000900)={0x18, 0x2, {0x0, @loopback}}, 0x1e) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = dup(r2) ioctl$PPPIOCCONNECT(r3, 0x40047435, &(0x7f00000002c0)=0x2) kernel console output (not intermixed with test programs): ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 135.896921][ T5279] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 135.908486][ T6030] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 136.014916][ T6030] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 136.094413][ T6030] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 136.098950][ T5922] chnl_net:caif_netlink_parms(): no params data found [ 136.796687][ T5238] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 136.998586][ T5225] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 137.014290][ T5238] usb 2-1: Using ep0 maxpacket: 16 [ 137.026960][ T5238] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.094247][ T5238] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.164282][ T5238] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 137.197589][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.224323][ T5238] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 137.226605][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.234092][ T5238] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 137.295301][ T5922] bridge_slave_0: entered allmulticast mode [ 137.328527][ T5922] bridge_slave_0: entered promiscuous mode [ 137.353830][ T5238] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 137.379303][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.397950][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.416947][ T5238] usb 2-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40 [ 137.424551][ T5922] bridge_slave_1: entered allmulticast mode [ 137.443249][ T5922] bridge_slave_1: entered promiscuous mode [ 137.464565][ T5238] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.492864][ T5238] usb 2-1: Product: syz [ 137.504418][ T5238] usb 2-1: Manufacturer: syz [ 137.519325][ T5238] usb 2-1: SerialNumber: syz [ 137.607592][ T5922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.651585][ T5922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.773916][ T6069] loop2: detected capacity change from 0 to 4096 [ 137.805853][ T6069] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 137.883267][ T6069] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 137.889118][ T5922] team0: Port device team_slave_0 added [ 137.922331][ T5922] team0: Port device team_slave_1 added [ 138.131863][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.158085][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.230032][ T5922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 138.267920][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.276390][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 138.291804][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 138.297325][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.336701][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 138.361634][ T5922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 138.374080][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 138.390204][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 138.395151][ T6086] loop3: detected capacity change from 0 to 2048 [ 138.415182][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 138.457965][ T2499] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.500391][ T6086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.515136][ T6082] mkiss: ax0: crc mode is auto. [ 138.693764][ T2499] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.769312][ T5922] hsr_slave_0: entered promiscuous mode [ 138.785363][ T5922] hsr_slave_1: entered promiscuous mode [ 138.909218][ T5238] cdc_ncm 2-1:1.0: bind() failure [ 138.918431][ T5238] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 138.927133][ T5238] cdc_ncm 2-1:1.1: bind() failure [ 138.936203][ T5922] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 138.947402][ T5238] usb 2-1: USB disconnect, device number 4 [ 138.956746][ T5922] Cannot create hsr debugfs directory [ 138.963655][ T5225] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.052808][ T2499] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.063965][ T5282] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 139.102219][ T6095] loop1: detected capacity change from 0 to 256 [ 139.239718][ T2499] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.288423][ T5282] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 139.304147][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.321545][ T5282] usb 3-1: Product: syz [ 139.338306][ T5282] usb 3-1: Manufacturer: syz [ 139.351630][ T5282] usb 3-1: SerialNumber: syz [ 139.369087][ T5282] usb 3-1: config 0 descriptor?? [ 139.735200][ T5283] usb 3-1: USB disconnect, device number 3 [ 139.877638][ T2499] bridge_slave_1: left allmulticast mode [ 139.883383][ T2499] bridge_slave_1: left promiscuous mode [ 139.935332][ T2499] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.005355][ T2499] bridge_slave_0: left allmulticast mode [ 140.011045][ T2499] bridge_slave_0: left promiscuous mode [ 140.071351][ T2499] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.178838][ T6094] loop3: detected capacity change from 0 to 32768 [ 140.230591][ T6094] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 140.474905][ T5235] Bluetooth: hci2: command tx timeout [ 141.550232][ T6120] netlink: 'syz.3.152': attribute type 10 has an invalid length. [ 141.559111][ T6120] netlink: 148 bytes leftover after parsing attributes in process `syz.3.152'. [ 141.764813][ T2499] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.794326][ T2499] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.818157][ T2499] bond0 (unregistering): Released all slaves [ 142.270966][ T5282] usb 3-1: new low-speed USB device number 4 using dummy_hcd [ 142.552514][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 142.560115][ T5235] Bluetooth: hci2: command tx timeout [ 142.594240][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 142.608779][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 142.623382][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 142.640852][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 142.681872][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 142.706856][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 142.733852][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 142.780286][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 142.802895][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 142.850521][ T5282] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 142.880963][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 142.940915][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 142.971053][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 142.987984][ T5282] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 143.100137][ T5282] usb 3-1: string descriptor 0 read error: -22 [ 143.122482][ T5282] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 143.151084][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.160187][ T2499] hsr_slave_0: left promiscuous mode [ 143.202769][ T5282] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 143.210652][ T2499] hsr_slave_1: left promiscuous mode [ 143.245475][ T2499] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.275850][ T2499] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.305769][ T2499] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.313185][ T2499] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.399586][ T2499] veth1_macvtap: left promiscuous mode [ 143.414713][ T2499] veth0_macvtap: left promiscuous mode [ 143.431488][ T2499] veth1_vlan: left promiscuous mode [ 143.443068][ T5283] usb 3-1: USB disconnect, device number 4 [ 143.443145][ T2499] veth0_vlan: left promiscuous mode [ 143.980942][ T6133] loop1: detected capacity change from 0 to 32768 [ 144.014906][ T6133] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 144.222267][ T6133] XFS (loop1): Ending clean mount [ 144.233826][ T6140] loop3: detected capacity change from 0 to 4096 [ 144.257530][ T6140] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 144.259883][ T5279] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 144.285399][ T5279] XFS (loop1): Unmount and run xfs_repair [ 144.298119][ T5279] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 144.326842][ T5279] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 144.348503][ T5279] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 144.392464][ T5279] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 144.405287][ T5279] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 144.410032][ T6140] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 144.414962][ T5279] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.432591][ T5279] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.442018][ T5279] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.467885][ T5279] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.477334][ T6133] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 144.494496][ T6133] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 144.512008][ T6133] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 144.634712][ T5235] Bluetooth: hci2: command tx timeout [ 144.738115][ T2499] team0 (unregistering): Port device team_slave_1 removed [ 144.792741][ T2499] team0 (unregistering): Port device team_slave_0 removed [ 144.851550][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 145.308266][ T6156] loop2: detected capacity change from 0 to 256 [ 146.033535][ T6161] loop1: detected capacity change from 0 to 2048 [ 146.137899][ T6161] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.205700][ T6168] netlink: 'syz.2.161': attribute type 10 has an invalid length. [ 146.213556][ T6168] netlink: 148 bytes leftover after parsing attributes in process `syz.2.161'. [ 146.352373][ T6158] Falling back ldisc for ptm0. [ 146.435012][ T6084] chnl_net:caif_netlink_parms(): no params data found [ 146.448159][ T5223] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.754707][ T5235] Bluetooth: hci2: command tx timeout [ 147.492448][ T6084] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.535650][ T6084] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.542884][ T6084] bridge_slave_0: entered allmulticast mode [ 147.599992][ T6084] bridge_slave_0: entered promiscuous mode [ 147.636961][ T6084] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.681782][ T6084] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.694424][ T6084] bridge_slave_1: entered allmulticast mode [ 147.705772][ T6084] bridge_slave_1: entered promiscuous mode [ 147.751247][ T6170] loop3: detected capacity change from 0 to 32768 [ 147.767119][ T6170] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 147.913719][ T6084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.975665][ T6084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.051571][ T6084] team0: Port device team_slave_0 added [ 148.091415][ T6084] team0: Port device team_slave_1 added [ 148.226358][ T6186] loop2: detected capacity change from 0 to 4096 [ 148.270940][ T6186] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 148.669586][ T6084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.689775][ T6084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.751548][ T6084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.796022][ T6084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.823411][ T6084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.880586][ T6084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.912843][ T5922] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 148.950251][ T6186] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 148.950908][ T6184] loop1: detected capacity change from 0 to 32768 [ 149.018080][ T5922] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 149.034071][ T6184] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 149.112609][ T6184] XFS (loop1): Ending clean mount [ 149.122306][ T5922] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 149.152582][ T5281] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 149.169529][ T6084] hsr_slave_0: entered promiscuous mode [ 149.175579][ T5281] XFS (loop1): Unmount and run xfs_repair [ 149.181332][ T5281] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 149.189415][ T5281] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 149.199873][ T5281] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 149.208833][ T5281] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 149.221785][ T5281] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 149.253196][ T5281] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 149.274973][ T6084] hsr_slave_1: entered promiscuous mode [ 149.286184][ T5281] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 149.307923][ T5281] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 149.317368][ T5281] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 149.326651][ T6084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.335466][ T6184] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 149.346766][ T6084] Cannot create hsr debugfs directory [ 149.357062][ T5922] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 149.377918][ T6184] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 149.468403][ T6184] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 149.526210][ T5238] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 149.704985][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 149.767058][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 149.799672][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 149.847293][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 149.885250][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 149.946508][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 150.014300][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 150.021773][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 150.076102][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 150.122628][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 150.168661][ T5922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.187049][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 150.239492][ T5238] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 150.267649][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 150.322046][ T5922] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.329626][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 150.384329][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 150.432420][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.434342][ T5238] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 150.439676][ T5283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.518236][ T5238] usb 4-1: string descriptor 0 read error: -22 [ 150.530576][ T5238] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 150.561613][ T5238] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.640541][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.647698][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.667728][ T5238] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 150.935883][ T6225] loop1: detected capacity change from 0 to 256 [ 150.951058][ T5283] usb 4-1: USB disconnect, device number 5 [ 150.991584][ T6084] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 151.066071][ T6084] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.124549][ T6084] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.161006][ T6084] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 151.576063][ T6084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.647519][ T5922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.735951][ T6238] netlink: 'syz.1.171': attribute type 10 has an invalid length. [ 151.763534][ T6238] netlink: 148 bytes leftover after parsing attributes in process `syz.1.171'. [ 151.815415][ T6084] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.886826][ T5282] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.894015][ T5282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.952063][ T5282] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.959279][ T5282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.130834][ T6242] mkiss: ax0: crc mode is auto. [ 152.143290][ T6244] loop1: detected capacity change from 0 to 2048 [ 152.219106][ T6244] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.728617][ T5223] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.639390][ T5922] veth0_vlan: entered promiscuous mode [ 153.669883][ T6084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.740285][ T5922] veth1_vlan: entered promiscuous mode [ 153.842183][ T6084] veth0_vlan: entered promiscuous mode [ 153.889160][ T5922] veth0_macvtap: entered promiscuous mode [ 153.922547][ T6084] veth1_vlan: entered promiscuous mode [ 153.949522][ T5922] veth1_macvtap: entered promiscuous mode [ 154.008016][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.041811][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.072104][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.099018][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.119370][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.140209][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.162299][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.210631][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.243684][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.275617][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.289092][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.299426][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.310375][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.332898][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.389892][ T5922] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.414914][ T5922] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.446729][ T5922] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.468272][ T5922] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.508751][ T6084] veth0_macvtap: entered promiscuous mode [ 154.570385][ T6084] veth1_macvtap: entered promiscuous mode [ 154.700298][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.734233][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.744128][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.764251][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.768666][ T6273] loop3: detected capacity change from 0 to 32768 [ 154.775628][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 154.810937][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.830223][ T6273] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 154.853405][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.000326][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.066039][ T6084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.119230][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.140415][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.164211][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.199074][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.521964][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.533893][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.567922][ T6084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.645813][ T6084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.693202][ T6084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.802265][ C1] eth0: bad gso: type: 1, size: 1408 [ 155.859580][ T6084] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.911213][ T6084] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.963680][ T6084] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.985677][ T6084] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.043536][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.087163][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.228732][ T6312] loop3: detected capacity change from 0 to 256 [ 156.258155][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.284746][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.454143][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.462184][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.577343][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.613651][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.108027][ T6324] loop4: detected capacity change from 0 to 1764 [ 157.124645][ T6327] netlink: 'syz.3.180': attribute type 10 has an invalid length. [ 157.145178][ T6324] iso9660: Unknown parameter 'oession' [ 157.160996][ T6327] netlink: 144 bytes leftover after parsing attributes in process `syz.3.180'. [ 157.306481][ T6333] loop4: detected capacity change from 0 to 512 [ 157.442701][ T6333] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.117: corrupted in-inode xattr: invalid ea_ino [ 157.458531][ T6333] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.117: couldn't read orphan inode 15 (err -117) [ 157.475081][ T6333] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.534397][ T46] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 157.816344][ T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 157.825280][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 157.840151][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 157.850836][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 157.863083][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 157.987194][ T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 157.994824][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 158.007944][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 158.063714][ T6340] mkiss: ax0: crc mode is auto. [ 158.092870][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 158.148711][ T6347] loop2: detected capacity change from 0 to 2048 [ 158.158374][ T6341] loop3: detected capacity change from 0 to 4096 [ 158.174270][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 158.203324][ T6341] NILFS (loop3): invalid segment: Checksum error in segment payload [ 158.220419][ T46] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 158.231850][ T6341] NILFS (loop3): trying rollback from an earlier position [ 158.240734][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 158.284329][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 158.309734][ T6347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.335309][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 158.347852][ T46] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 158.350360][ T6341] NILFS (loop3): recovery complete [ 158.393586][ T46] usb 2-1: string descriptor 0 read error: -22 [ 158.399889][ T5922] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 158.465953][ T46] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 158.476642][ T6353] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 158.514862][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.588658][ T46] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 158.680773][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.708414][ T6341] loop3: detected capacity change from 4096 to 0 [ 158.740569][ C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 158.752002][ T6360] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 158.844516][ T5283] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 159.804791][ T5226] usb 2-1: USB disconnect, device number 5 [ 159.817496][ T5283] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 159.832424][ T6353] segctord: attempt to access beyond end of device [ 159.832424][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 159.866727][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.911311][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 159.915388][ T5283] usb 1-1: Product: syz [ 159.953840][ T6353] segctord: attempt to access beyond end of device [ 159.953840][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 159.960579][ T5283] usb 1-1: Manufacturer: syz [ 159.974635][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 160.019064][ T5283] usb 1-1: SerialNumber: syz [ 160.034363][ T6353] segctord: attempt to access beyond end of device [ 160.034363][ T6353] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 160.052327][ T5283] usb 1-1: config 0 descriptor?? [ 160.134250][ T6353] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 160.175136][ T5225] syz-executor: attempt to access beyond end of device [ 160.175136][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 160.194545][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 160.203272][ T5225] syz-executor: attempt to access beyond end of device [ 160.203272][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 160.281434][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 160.308163][ T5225] syz-executor: attempt to access beyond end of device [ 160.308163][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 160.371404][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 160.385501][ T6378] loop1: detected capacity change from 0 to 256 [ 160.448380][ T5225] syz-executor: attempt to access beyond end of device [ 160.448380][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 160.511885][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 161.224310][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 161.253770][ T5225] syz-executor: attempt to access beyond end of device [ 161.253770][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0 [ 161.277315][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 161.295696][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 161.323458][ T5225] syz-executor: attempt to access beyond end of device [ 161.323458][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0 [ 161.338372][ T5226] usb 1-1: USB disconnect, device number 2 [ 161.384643][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write [ 161.409877][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 162.234605][ T6370] loop2: detected capacity change from 0 to 32768 [ 162.329404][ T6370] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 162.583878][ T6370] XFS (loop2): Ending clean mount [ 162.661582][ T5226] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 162.715196][ T5226] XFS (loop2): Unmount and run xfs_repair [ 162.720960][ T5226] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 162.785290][ T5226] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 162.820700][ T5226] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 162.832785][ T6417] loop0: detected capacity change from 0 to 1764 [ 162.846036][ T5226] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 162.874484][ T5226] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 162.884088][ T6417] iso9660: Unknown parameter 'oession' [ 162.910917][ T5226] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 162.934915][ T5226] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 162.978336][ T5226] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 163.047844][ T5226] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 163.085457][ T6370] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 163.112467][ T6423] loop0: detected capacity change from 0 to 512 [ 163.146044][ T6370] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 163.253431][ T6423] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.194: corrupted in-inode xattr: invalid ea_ino [ 163.292880][ T6370] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 163.395233][ T6423] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.194: couldn't read orphan inode 15 (err -117) [ 163.412216][ T6423] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.450562][ T6397] loop3: detected capacity change from 0 to 32768 [ 163.459860][ T5366] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 163.470352][ T6397] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 163.837634][ T6084] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 164.041746][ T6438] mkiss: ax0: crc mode is auto. [ 164.163380][ T6438] loop0: detected capacity change from 0 to 2048 [ 165.398256][ T6438] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.546948][ T6452] loop3: detected capacity change from 0 to 4096 [ 165.600246][ T6452] NILFS (loop3): invalid segment: Checksum error in segment payload [ 165.632122][ T6452] NILFS (loop3): trying rollback from an earlier position [ 165.709649][ T6452] NILFS (loop3): recovery complete [ 165.726948][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.741454][ T6460] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.824485][ T5238] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 166.094868][ T6452] loop3: detected capacity change from 4096 to 0 [ 166.267119][ C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.299219][ T6463] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 166.815262][ T5238] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 166.833156][ T5238] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.841387][ T5238] usb 3-1: Product: syz [ 166.845613][ T5238] usb 3-1: Manufacturer: syz [ 166.850208][ T5238] usb 3-1: SerialNumber: syz [ 166.857132][ T5238] usb 3-1: config 0 descriptor?? [ 166.895553][ T6460] segctord: attempt to access beyond end of device [ 166.895553][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 166.944384][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 166.973687][ T6460] segctord: attempt to access beyond end of device [ 166.973687][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 167.026470][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 167.074455][ T6460] segctord: attempt to access beyond end of device [ 167.074455][ T6460] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 167.129363][ T6460] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 167.159162][ T5225] syz-executor: attempt to access beyond end of device [ 167.159162][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 167.174336][ T943] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 167.212312][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 167.224326][ T5283] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 167.254982][ T5225] syz-executor: attempt to access beyond end of device [ 167.254982][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 167.293340][ T46] usb 3-1: USB disconnect, device number 5 [ 167.467001][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 167.488691][ T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 167.502655][ T5225] syz-executor: attempt to access beyond end of device [ 167.502655][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 168.198815][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 168.231790][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 168.233308][ T5283] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 168.276206][ T5283] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.288131][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 168.303762][ T5283] usb 2-1: Product: syz [ 168.308499][ T5283] usb 2-1: Manufacturer: syz [ 168.320244][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 168.331526][ T5283] usb 2-1: SerialNumber: syz [ 168.351561][ T5225] syz-executor: attempt to access beyond end of device [ 168.351561][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 168.368574][ T5283] usb 2-1: config 0 descriptor?? [ 168.373236][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 168.398508][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 168.427867][ T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 168.453075][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 168.458322][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 168.501451][ T5225] syz-executor: attempt to access beyond end of device [ 168.501451][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0 [ 168.514613][ T6485] loop4: detected capacity change from 0 to 512 [ 168.549724][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 168.570275][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 168.624232][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 168.641050][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 168.663057][ T5225] syz-executor: attempt to access beyond end of device [ 168.663057][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0 [ 168.692277][ T6485] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.205: corrupted in-inode xattr: invalid ea_ino [ 168.827439][ T6485] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.205: couldn't read orphan inode 15 (err -117) [ 168.856458][ T6485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.864501][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 168.872317][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write [ 168.941150][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 168.955563][ T943] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 168.962997][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 169.025992][ T8] usb 2-1: USB disconnect, device number 6 [ 169.048035][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 169.107542][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 169.179941][ T943] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 169.226353][ T943] usb 1-1: string descriptor 0 read error: -22 [ 169.233709][ T943] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 169.261650][ T5922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.280385][ T943] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.331306][ T6499] loop3: detected capacity change from 0 to 256 [ 169.382986][ T943] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 170.451377][ T5335] usb 1-1: USB disconnect, device number 3 [ 171.448029][ T6525] netlink: 'syz.3.211': attribute type 10 has an invalid length. [ 171.474323][ T6525] netlink: 156 bytes leftover after parsing attributes in process `syz.3.211'. [ 171.900973][ T6532] loop0: detected capacity change from 0 to 4096 [ 171.996739][ T6532] NILFS (loop0): invalid segment: Checksum error in segment payload [ 172.180111][ T6532] NILFS (loop0): trying rollback from an earlier position [ 172.667154][ T6532] NILFS (loop0): recovery complete [ 172.716373][ T6542] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 172.934328][ T6532] loop0: detected capacity change from 4096 to 0 [ 172.985428][ C1] I/O error, dev loop0, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 173.014289][ T6544] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.131769][ T6542] segctord: attempt to access beyond end of device [ 173.131769][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.173396][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.209590][ T6542] segctord: attempt to access beyond end of device [ 173.209590][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.238129][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.257132][ T6542] segctord: attempt to access beyond end of device [ 173.257132][ T6542] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.290852][ T6542] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.494671][ T6084] syz-executor: attempt to access beyond end of device [ 173.494671][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.529640][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.539771][ T6084] syz-executor: attempt to access beyond end of device [ 173.539771][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.553207][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.562607][ T6084] syz-executor: attempt to access beyond end of device [ 173.562607][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.575811][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 173.584668][ T6084] syz-executor: attempt to access beyond end of device [ 173.584668][ T6084] loop0: rw=0, sector=24, nr_sectors = 2 limit=0 [ 173.600693][ T6084] NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0) [ 174.373566][ T6084] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 174.450464][ T6084] syz-executor: attempt to access beyond end of device [ 174.450464][ T6084] loop0: rw=395265, sector=2, nr_sectors = 2 limit=0 [ 174.505385][ T6084] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 174.513758][ T6084] NILFS (loop0): unable to write superblock: err=-5 [ 174.531456][ T6084] syz-executor: attempt to access beyond end of device [ 174.531456][ T6084] loop0: rw=395265, sector=4088, nr_sectors = 2 limit=0 [ 174.570076][ T6084] Buffer I/O error on dev loop0, logical block 2044, lost sync page write [ 174.601641][ T6084] NILFS (loop0): unable to write superblock: err=-5 [ 174.876798][ T6562] mkiss: ax0: crc mode is auto. [ 174.934289][ T5283] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 175.007207][ T6562] loop0: detected capacity change from 0 to 2048 [ 175.056102][ T6565] loop4: detected capacity change from 0 to 256 [ 175.186451][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 175.213100][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 175.256411][ T6562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.530075][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 175.669914][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 175.742630][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 175.752756][ T5281] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 175.810931][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 175.851084][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 175.886814][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 175.901237][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.914299][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 175.953087][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 175.971486][ T5281] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 176.004640][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.018903][ T5283] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 176.049522][ T5281] usb 2-1: Product: syz [ 176.057621][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 176.080283][ T5281] usb 2-1: Manufacturer: syz [ 176.100683][ T5281] usb 2-1: SerialNumber: syz [ 176.106091][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 176.127706][ T5281] usb 2-1: config 0 descriptor?? [ 176.146590][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 176.172151][ T5283] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 176.196166][ T5283] usb 3-1: string descriptor 0 read error: -22 [ 176.208063][ T5283] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 176.219249][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.237923][ T6577] netlink: 'syz.0.224': attribute type 10 has an invalid length. [ 176.249315][ T5283] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 176.294336][ T6577] netlink: 156 bytes leftover after parsing attributes in process `syz.0.224'. [ 176.354437][ T5335] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 176.521251][ T5283] usb 3-1: USB disconnect, device number 6 [ 176.561038][ T8] usb 2-1: USB disconnect, device number 7 [ 176.613498][ T5335] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 176.699468][ T5335] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.768163][ T5335] usb 5-1: Product: syz [ 176.784966][ T5335] usb 5-1: Manufacturer: syz [ 176.811873][ T5335] usb 5-1: SerialNumber: syz [ 177.003119][ T5335] usb 5-1: config 0 descriptor?? [ 178.870187][ T46] usb 5-1: USB disconnect, device number 3 [ 179.220200][ T6596] loop3: detected capacity change from 0 to 4096 [ 179.454112][ T6596] NILFS (loop3): invalid segment: Checksum error in segment payload [ 179.797755][ T6596] NILFS (loop3): trying rollback from an earlier position [ 180.226650][ T6596] NILFS (loop3): recovery complete [ 180.277609][ T6603] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.390827][ T6608] loop4: detected capacity change from 0 to 256 [ 181.208432][ C1] eth0: bad gso: type: 1, size: 1408 [ 181.355904][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.366336][ T6596] loop3: detected capacity change from 4096 to 0 [ 181.404994][ T6620] netlink: 'syz.0.235': attribute type 10 has an invalid length. [ 181.417229][ C1] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 181.428629][ T6610] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 181.459478][ T6620] netlink: 156 bytes leftover after parsing attributes in process `syz.0.235'. [ 181.744719][ T6603] segctord: attempt to access beyond end of device [ 181.744719][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 181.774520][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 181.804607][ T6603] segctord: attempt to access beyond end of device [ 181.804607][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 181.927670][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.044584][ T6603] segctord: attempt to access beyond end of device [ 182.044584][ T6603] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 182.103160][ T6603] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.125332][ T5225] syz-executor: attempt to access beyond end of device [ 182.125332][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 182.156228][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.364848][ T5225] syz-executor: attempt to access beyond end of device [ 182.364848][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 182.595201][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.714435][ T5225] syz-executor: attempt to access beyond end of device [ 182.714435][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 182.779058][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.817914][ T5225] syz-executor: attempt to access beyond end of device [ 182.817914][ T5225] loop3: rw=0, sector=24, nr_sectors = 2 limit=0 [ 182.871712][ T5225] NILFS (loop3): I/O error reading meta-data file (ino=3, block-offset=0) [ 182.880766][ T5225] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 182.891076][ T5225] syz-executor: attempt to access beyond end of device [ 182.891076][ T5225] loop3: rw=395265, sector=2, nr_sectors = 2 limit=0 [ 182.905630][ T5225] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 182.914540][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 182.921188][ T5225] syz-executor: attempt to access beyond end of device [ 182.921188][ T5225] loop3: rw=395265, sector=4088, nr_sectors = 2 limit=0 [ 182.951826][ T5225] Buffer I/O error on dev loop3, logical block 2044, lost sync page write [ 182.964320][ T5225] NILFS (loop3): unable to write superblock: err=-5 [ 183.094316][ T6636] loop4: detected capacity change from 0 to 4096 [ 183.147099][ T6636] NILFS (loop4): invalid segment: Checksum error in segment payload [ 183.181315][ T6636] NILFS (loop4): trying rollback from an earlier position [ 183.229255][ T6636] NILFS (loop4): recovery complete [ 183.246325][ T6640] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.404357][ T46] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 183.608184][ T46] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 183.633539][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.657055][ T46] usb 4-1: Product: syz [ 183.661258][ T46] usb 4-1: Manufacturer: syz [ 183.694603][ T46] usb 4-1: SerialNumber: syz [ 183.716626][ T46] usb 4-1: config 0 descriptor?? [ 183.966216][ T5282] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 184.091837][ T5281] usb 4-1: USB disconnect, device number 6 [ 184.114586][ T46] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 184.175814][ T5282] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 184.209085][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.251417][ T5282] usb 5-1: Product: syz [ 184.272092][ T5282] usb 5-1: Manufacturer: syz [ 184.277851][ T5282] usb 5-1: SerialNumber: syz [ 184.305699][ T5282] usb 5-1: config 0 descriptor?? [ 184.311531][ T6647] loop2: detected capacity change from 0 to 512 [ 184.337489][ T46] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 184.359672][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.383172][ T6647] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.244: corrupted in-inode xattr: invalid ea_ino [ 184.401727][ T46] usb 2-1: Product: syz [ 184.417442][ T6647] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.244: couldn't read orphan inode 15 (err -117) [ 184.437270][ T46] usb 2-1: Manufacturer: syz [ 184.463313][ T46] usb 2-1: SerialNumber: syz [ 184.491260][ T6647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.510857][ T46] usb 2-1: config 0 descriptor?? [ 184.553506][ T6647] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.244: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 184.655336][ T6647] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.244: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 184.791483][ T46] usb 5-1: USB disconnect, device number 4 [ 184.907641][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.960434][ T5281] usb 2-1: USB disconnect, device number 8 [ 186.400762][ T6651] loop0: detected capacity change from 0 to 32768 [ 186.438238][ T6651] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 186.518518][ T6651] XFS (loop0): Ending clean mount [ 186.539709][ T6651] XFS (loop0): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 186.553756][ T6651] XFS (loop0): Unmount and run xfs_repair [ 186.560199][ T6651] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 186.568013][ T6651] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 186.577862][ T6651] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 186.591645][ T6651] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 186.621011][ T6651] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 186.655976][ T6651] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 186.693728][ T6651] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 186.716893][ T6671] loop3: detected capacity change from 0 to 1764 [ 186.737485][ T6651] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 186.754445][ T6651] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 186.763457][ T6651] XFS (loop0): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 186.767482][ T29] audit: type=1804 audit(1722549137.497:10): pid=6673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.245" name="/newroot/13/file0/bus" dev="loop0" ino=1065 res=1 errno=0 [ 186.782083][ T6651] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 186.825546][ T6671] iso9660: Unknown parameter 'oession' [ 186.836164][ T6651] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 186.983839][ T6676] loop3: detected capacity change from 0 to 512 [ 187.039801][ T6084] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 187.076216][ T6676] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.248: corrupted in-inode xattr: invalid ea_ino [ 187.105346][ T6676] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.248: couldn't read orphan inode 15 (err -117) [ 187.315079][ T6676] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.419949][ T6693] loop4: detected capacity change from 0 to 512 [ 188.489182][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 188.509413][ T6693] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.256: corrupted in-inode xattr: invalid ea_ino [ 188.602151][ T6693] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.256: couldn't read orphan inode 15 (err -117) [ 188.659124][ T6693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.696313][ T6693] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.256: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 188.719319][ T6693] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.256: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 188.839425][ T5922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.744385][ T46] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 190.120413][ T46] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 190.138481][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.171980][ T46] usb 2-1: Product: syz [ 190.191343][ T46] usb 2-1: Manufacturer: syz [ 190.201484][ T46] usb 2-1: SerialNumber: syz [ 190.220732][ T46] usb 2-1: config 0 descriptor?? [ 190.444372][ T5281] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 190.449682][ T6699] loop3: detected capacity change from 0 to 32768 [ 190.557474][ T6699] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 190.584655][ T46] usb 2-1: USB disconnect, device number 9 [ 190.684210][ T5281] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 190.711133][ T5281] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.721013][ T5281] usb 5-1: Product: syz [ 190.729561][ T5281] usb 5-1: Manufacturer: syz [ 190.734455][ T5281] usb 5-1: SerialNumber: syz [ 190.750292][ T5281] usb 5-1: config 0 descriptor?? [ 190.888821][ T6699] XFS (loop3): Ending clean mount [ 190.910077][ T6699] XFS (loop3): Quotacheck needed: Please wait. [ 190.932213][ T6729] loop0: detected capacity change from 0 to 4096 [ 190.983820][ T6729] NILFS (loop0): invalid segment: Checksum error in segment payload [ 191.005769][ T6699] XFS (loop3): Quotacheck: Done. [ 191.023145][ T6729] NILFS (loop0): trying rollback from an earlier position [ 191.123220][ T6729] NILFS (loop0): recovery complete [ 191.144068][ T8] usb 5-1: USB disconnect, device number 5 [ 191.173901][ T6733] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.274285][ T5243] Bluetooth: hci0: command 0x0406 tx timeout [ 191.277123][ T5229] Bluetooth: hci1: command 0x0406 tx timeout [ 191.362202][ T5225] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 191.572103][ T6737] loop2: detected capacity change from 0 to 512 [ 191.696909][ T6737] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.268: corrupted in-inode xattr: invalid ea_ino [ 191.802868][ T6737] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.268: couldn't read orphan inode 15 (err -117) [ 191.821117][ T6737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.869921][ T6737] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.268: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 191.898630][ T6737] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.268: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 191.993136][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.034586][ T6743] loop3: detected capacity change from 0 to 1764 [ 192.054231][ T5281] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 192.098319][ T6743] iso9660: Unknown parameter 'oession' [ 192.262143][ T6747] loop3: detected capacity change from 0 to 512 [ 192.278106][ T5281] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 192.321452][ T5281] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.360436][ T6747] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.267: corrupted in-inode xattr: invalid ea_ino [ 192.390737][ T6747] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.267: couldn't read orphan inode 15 (err -117) [ 192.414707][ T5281] usb 1-1: Product: syz [ 192.427103][ C1] eth0: bad gso: type: 1, size: 1408 [ 192.432098][ T6747] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.450997][ T5281] usb 1-1: Manufacturer: syz [ 192.464893][ T5281] usb 1-1: SerialNumber: syz [ 192.481703][ T5281] usb 1-1: config 0 descriptor?? [ 193.647277][ T8] usb 1-1: USB disconnect, device number 4 [ 193.657388][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 194.149545][ T6771] loop3: detected capacity change from 0 to 4096 [ 194.190074][ T6771] NILFS (loop3): invalid segment: Checksum error in segment payload [ 194.222246][ T6771] NILFS (loop3): trying rollback from an earlier position [ 194.274925][ T6771] NILFS (loop3): recovery complete [ 194.301455][ T6772] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 194.320088][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.335234][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.603687][ T6775] loop0: detected capacity change from 0 to 512 [ 194.657748][ T6763] loop4: detected capacity change from 0 to 32768 [ 194.666123][ T6763] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 194.671996][ T6769] loop1: detected capacity change from 0 to 32768 [ 194.698955][ T6775] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.281: corrupted in-inode xattr: invalid ea_ino [ 194.724378][ T6775] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.281: couldn't read orphan inode 15 (err -117) [ 194.814560][ T6769] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 194.873938][ T6775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.082036][ T6084] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.166065][ T6769] XFS (loop1): Ending clean mount [ 195.178853][ T6769] XFS (loop1): Quotacheck needed: Please wait. [ 195.428060][ T6769] XFS (loop1): Quotacheck: Done. [ 195.776598][ T6784] loop3: detected capacity change from 0 to 32768 [ 195.862895][ T6784] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 195.982713][ T5223] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 196.045358][ T6784] XFS (loop3): Ending clean mount [ 196.117340][ T5281] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 196.128601][ T46] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 196.143832][ T6803] loop4: detected capacity change from 0 to 1764 [ 196.154423][ T5281] XFS (loop3): Unmount and run xfs_repair [ 196.160736][ T5281] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 196.181846][ T5281] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 196.209681][ T6803] iso9660: Unknown parameter 'oession' [ 196.224484][ T5281] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 196.261905][ T5281] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 196.288003][ T5281] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 196.314291][ T5281] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 196.343644][ T5281] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 196.390912][ T46] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 196.403720][ T5281] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 196.418165][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.432694][ T6805] loop4: detected capacity change from 0 to 512 [ 196.449199][ T5281] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 196.465830][ T46] usb 1-1: Product: syz [ 196.478949][ T46] usb 1-1: Manufacturer: syz [ 196.488439][ T6784] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 196.504027][ T46] usb 1-1: SerialNumber: syz [ 196.527966][ T6784] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 196.547149][ T46] usb 1-1: config 0 descriptor?? [ 196.560699][ T6805] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.286: corrupted in-inode xattr: invalid ea_ino [ 196.574603][ T6784] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 196.635325][ T6805] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.286: couldn't read orphan inode 15 (err -117) [ 196.667550][ T6805] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.921160][ T5225] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 197.732444][ T8] usb 1-1: USB disconnect, device number 5 [ 197.938112][ T5922] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 198.359088][ T6830] loop3: detected capacity change from 0 to 512 [ 198.388630][ T6830] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.294: corrupted in-inode xattr: invalid ea_ino [ 198.419191][ T6830] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.294: couldn't read orphan inode 15 (err -117) [ 198.461151][ T6830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.504313][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 198.528810][ T5225] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.594291][ T5281] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 198.859566][ T8] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 198.869240][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.890309][ T8] usb 2-1: Product: syz [ 198.904626][ T8] usb 2-1: Manufacturer: syz [ 198.917342][ T8] usb 2-1: SerialNumber: syz [ 198.943161][ T8] usb 2-1: config 0 descriptor?? [ 198.957352][ T5281] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.996168][ T5281] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 199.015674][ T5281] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 199.031478][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 199.049376][ T5281] usb 3-1: SerialNumber: syz [ 199.066847][ T5281] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 199.268342][ T8] usb 2-1: USB disconnect, device number 10 [ 199.402447][ T6828] loop2: detected capacity change from 0 to 1764 [ 199.447680][ T6828] iso9660: Bad value for 'gid' [ 199.474417][ T6828] iso9660: Bad value for 'gid' [ 199.747514][ T8] usb 3-1: USB disconnect, device number 7 [ 200.305175][ T6839] loop0: detected capacity change from 0 to 32768 [ 200.335456][ T6839] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 200.561226][ T6847] overlayfs: failed to resolve './file0': -2 [ 203.652658][ T6855] loop0: detected capacity change from 0 to 1764 [ 203.690094][ T6855] iso9660: Unknown parameter 'oession' [ 204.104949][ T46] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 204.394303][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 204.460762][ T46] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.482612][ T46] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.523318][ T46] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 204.544314][ T46] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 204.567018][ T46] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 204.590524][ T46] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 204.617091][ T6869] loop0: detected capacity change from 0 to 512 [ 204.636535][ T46] usb 4-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40 [ 204.659264][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.692579][ T46] usb 4-1: Product: syz [ 204.698693][ T46] usb 4-1: Manufacturer: syz [ 204.705953][ T6869] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.301: corrupted in-inode xattr: invalid ea_ino [ 204.734662][ T46] usb 4-1: SerialNumber: syz [ 204.764190][ T6869] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.301: couldn't read orphan inode 15 (err -117) [ 204.828025][ T6869] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.830435][ T6873] loop2: detected capacity change from 0 to 512 [ 204.885596][ T6873] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.306: corrupted in-inode xattr: invalid ea_ino [ 204.940764][ T6873] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.306: couldn't read orphan inode 15 (err -117) [ 204.989123][ T6873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.129375][ T6084] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 205.140730][ T5366] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.353689][ T6878] loop0: detected capacity change from 0 to 47 [ 205.436368][ T29] audit: type=1800 audit(1722549156.197:11): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.307" name="bus" dev="loop0" ino=8 res=0 errno=0 [ 205.471413][ T6878] minix_free_block (loop0:20): bit already cleared [ 205.493081][ T6878] minix_free_block (loop0:21): bit already cleared [ 205.508332][ T6878] minix_free_block (loop0:19): bit already cleared [ 205.585334][ T6866] loop1: detected capacity change from 0 to 32768 [ 205.596545][ T6084] MINIX-fs: deleted inode referenced: 9 [ 205.611753][ T6084] MINIX-fs: deleted inode referenced: 9 [ 205.643149][ T6084] MINIX-fs: deleted inode referenced: 9 [ 205.657215][ T6866] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 205.676284][ T6084] MINIX-fs: deleted inode referenced: 9 [ 205.893648][ T6889] overlayfs: failed to resolve './file0': -2 [ 206.128548][ T6866] XFS (loop1): Ending clean mount [ 206.160273][ T6866] XFS (loop1): Quotacheck needed: Please wait. [ 206.314120][ T6866] XFS (loop1): Quotacheck: Done. [ 206.595404][ T46] cdc_ncm 4-1:1.0: bind() failure [ 207.337915][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.856850][ T46] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 208.863697][ T46] cdc_ncm 4-1:1.1: bind() failure [ 208.894341][ T46] usb 4-1: USB disconnect, device number 7 [ 208.941583][ T5223] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 209.126776][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.308060][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.420582][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.547267][ T6901] loop3: detected capacity change from 0 to 1764 [ 210.596641][ T6901] iso9660: Unknown parameter 'oession' [ 210.646680][ T6907] loop4: detected capacity change from 0 to 47 [ 210.676055][ T6893] loop2: detected capacity change from 0 to 32768 [ 210.750598][ T6893] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 210.773874][ T6913] loop3: detected capacity change from 0 to 512 [ 210.830494][ T6907] minix_free_block (loop4:20): bit already cleared [ 210.831014][ T29] audit: type=1800 audit(1722549161.577:12): pid=6907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.319" name="bus" dev="loop4" ino=8 res=0 errno=0 [ 210.889340][ T6907] minix_free_block (loop4:21): bit already cleared [ 210.896117][ T6907] minix_free_block (loop4:19): bit already cleared [ 210.958347][ T5922] MINIX-fs: deleted inode referenced: 9 [ 210.971513][ T5922] MINIX-fs: deleted inode referenced: 9 [ 210.985179][ T5922] MINIX-fs: deleted inode referenced: 9 [ 210.999697][ T5922] MINIX-fs: deleted inode referenced: 9 [ 211.012209][ T6913] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.317: corrupted in-inode xattr: invalid ea_ino [ 211.035630][ T6913] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.317: couldn't read orphan inode 15 (err -117) [ 211.075701][ T6913] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.076122][ T52] bridge_slave_1: left allmulticast mode [ 211.124544][ T52] bridge_slave_1: left promiscuous mode [ 211.142152][ T6893] XFS (loop2): Ending clean mount [ 211.144733][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.217884][ T5238] XFS (loop2): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 211.248793][ T52] bridge_slave_0: left allmulticast mode [ 211.278531][ T5238] XFS (loop2): Unmount and run xfs_repair [ 211.288961][ T52] bridge_slave_0: left promiscuous mode [ 211.308113][ T5238] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 211.319576][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.350365][ T5238] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 211.393591][ T5238] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 211.418024][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 211.426956][ T5238] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 211.436350][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 211.455050][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 211.469500][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 211.477527][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 211.484904][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 211.509993][ T5238] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 211.543157][ T5225] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 211.552467][ T5238] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 211.602357][ T5238] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 211.627140][ T5238] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 211.644279][ T5238] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 211.654229][ T6893] XFS (loop2): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 211.723553][ T6893] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 211.763815][ T6893] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 211.786242][ T29] audit: type=1804 audit(1722549162.547:13): pid=6934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.314" name="/newroot/54/file0/bus" dev="loop2" ino=1065 res=1 errno=0 [ 212.305621][ T6595] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 212.466795][ T6940] loop3: detected capacity change from 0 to 32768 [ 212.475658][ T6940] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 212.597928][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.626026][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.649890][ T52] bond0 (unregistering): Released all slaves [ 213.532201][ T5235] Bluetooth: hci2: command tx timeout [ 213.782801][ T52] hsr_slave_0: left promiscuous mode [ 213.831427][ T52] hsr_slave_1: left promiscuous mode [ 213.853322][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.879263][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.916207][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.923632][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.044081][ T52] veth1_macvtap: left promiscuous mode [ 214.074844][ T52] veth0_macvtap: left promiscuous mode [ 214.080543][ T52] veth1_vlan: left promiscuous mode [ 214.124569][ T52] veth0_vlan: left promiscuous mode [ 214.793961][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 214.818038][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 214.916917][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 214.927924][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 214.935668][ T5235] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 214.943383][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.339926][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.3.330'. [ 215.491920][ T5240] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 215.497053][ T6982] loop3: detected capacity change from 0 to 47 [ 215.506686][ T5240] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 215.514585][ T5240] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 215.524375][ T5240] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 215.544495][ T5240] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 215.554780][ T5240] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 215.604517][ T5235] Bluetooth: hci2: command tx timeout [ 215.610063][ T29] audit: type=1800 audit(1722549166.367:14): pid=6982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.331" name="bus" dev="loop3" ino=8 res=0 errno=0 [ 215.616262][ T6982] minix_free_block (loop3:20): bit already cleared [ 215.654573][ T6982] minix_free_block (loop3:21): bit already cleared [ 215.664534][ T6982] minix_free_block (loop3:19): bit already cleared [ 215.730717][ T5225] MINIX-fs: deleted inode referenced: 9 [ 215.739631][ T5225] MINIX-fs: deleted inode referenced: 9 [ 215.745766][ T5225] MINIX-fs: deleted inode referenced: 9 [ 215.751509][ T5225] MINIX-fs: deleted inode referenced: 9 [ 215.856744][ T6986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.396436][ T52] team0 (unregistering): Port device team_slave_1 removed [ 216.527452][ T52] team0 (unregistering): Port device team_slave_0 removed [ 217.054877][ T5235] Bluetooth: hci3: command tx timeout [ 217.594280][ T5235] Bluetooth: hci4: command tx timeout [ 217.674240][ T5235] Bluetooth: hci2: command tx timeout [ 218.738182][ T6925] chnl_net:caif_netlink_parms(): no params data found [ 218.969021][ T6979] chnl_net:caif_netlink_parms(): no params data found [ 219.119565][ T5235] Bluetooth: hci3: command tx timeout [ 219.321319][ T5240] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 219.333473][ T5240] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 219.349092][ T5240] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 219.359142][ T5240] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 219.367944][ T5240] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 219.377621][ T5240] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 219.568636][ T6972] chnl_net:caif_netlink_parms(): no params data found [ 219.674223][ T5240] Bluetooth: hci4: command tx timeout [ 219.676404][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.765768][ T5240] Bluetooth: hci2: command tx timeout [ 219.905888][ T6925] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.924356][ T6925] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.931598][ T6925] bridge_slave_0: entered allmulticast mode [ 219.950398][ T6925] bridge_slave_0: entered promiscuous mode [ 219.960531][ T6925] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.975610][ T6925] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.982795][ T6925] bridge_slave_1: entered allmulticast mode [ 219.996414][ T6925] bridge_slave_1: entered promiscuous mode [ 220.037618][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.106821][ T6979] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.114562][ T6979] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.121754][ T6979] bridge_slave_0: entered allmulticast mode [ 220.137391][ T6979] bridge_slave_0: entered promiscuous mode [ 220.271489][ T7034] netlink: 44 bytes leftover after parsing attributes in process `syz.1.340'. [ 220.296333][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.311739][ T6979] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.319345][ T6979] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.327735][ T6979] bridge_slave_1: entered allmulticast mode [ 220.336551][ T6979] bridge_slave_1: entered promiscuous mode [ 220.354103][ T6925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.471384][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.495066][ T6925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.549590][ T6972] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.567106][ T6972] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.583921][ T6972] bridge_slave_0: entered allmulticast mode [ 220.591893][ T6972] bridge_slave_0: entered promiscuous mode [ 220.608670][ T6972] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.620760][ T6972] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.631222][ T6972] bridge_slave_1: entered allmulticast mode [ 220.652959][ T6972] bridge_slave_1: entered promiscuous mode [ 220.699847][ T6925] team0: Port device team_slave_0 added [ 220.756681][ T6979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.778346][ T6979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.789872][ T6925] team0: Port device team_slave_1 added [ 220.819068][ T6972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.905043][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.912126][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.966262][ T6925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.980444][ T6925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.994186][ T6925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.020566][ T6925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.035597][ T6972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.070238][ T6979] team0: Port device team_slave_0 added [ 221.149507][ T6979] team0: Port device team_slave_1 added [ 221.173045][ T6925] hsr_slave_0: entered promiscuous mode [ 221.182126][ T6925] hsr_slave_1: entered promiscuous mode [ 221.188835][ T6925] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 221.196778][ T5240] Bluetooth: hci3: command tx timeout [ 221.203620][ T6925] Cannot create hsr debugfs directory [ 221.230019][ T6972] team0: Port device team_slave_0 added [ 221.242362][ T6972] team0: Port device team_slave_1 added [ 221.434606][ T5240] Bluetooth: hci1: command tx timeout [ 221.543957][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.563802][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.642295][ T6972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.754642][ T5240] Bluetooth: hci4: command tx timeout [ 221.764745][ T6972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.785747][ T6972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.852890][ T6972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.894748][ T52] bridge_slave_1: left allmulticast mode [ 221.900510][ T52] bridge_slave_1: left promiscuous mode [ 221.909277][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.921765][ T52] bridge_slave_0: left allmulticast mode [ 221.927913][ T52] bridge_slave_0: left promiscuous mode [ 221.933678][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.095033][ T5283] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 222.240940][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 222.256681][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 222.271658][ T52] bond0 (unregistering): Released all slaves [ 222.295752][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.302725][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.329707][ T6979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 222.331890][ T5283] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 222.357534][ T7016] chnl_net:caif_netlink_parms(): no params data found [ 222.364918][ T5283] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 222.393947][ T5283] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 222.404523][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 222.412666][ T5283] usb 2-1: SerialNumber: syz [ 222.442504][ T5283] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 222.475120][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.484588][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.510793][ T6979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.681469][ T6972] hsr_slave_0: entered promiscuous mode [ 222.696120][ T7056] loop1: detected capacity change from 0 to 1764 [ 222.702832][ T6972] hsr_slave_1: entered promiscuous mode [ 222.703287][ T7056] iso9660: Bad value for 'gid' [ 222.723624][ T6972] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 222.724177][ T7056] iso9660: Bad value for 'gid' [ 222.731836][ T6972] Cannot create hsr debugfs directory [ 222.799915][ T6979] hsr_slave_0: entered promiscuous mode [ 222.811084][ T6979] hsr_slave_1: entered promiscuous mode [ 222.818072][ T6979] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 222.826090][ T6979] Cannot create hsr debugfs directory [ 222.932555][ T5335] usb 2-1: USB disconnect, device number 11 [ 223.050599][ T52] hsr_slave_0: left promiscuous mode [ 223.058402][ T52] hsr_slave_1: left promiscuous mode [ 223.064932][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.072360][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 223.080765][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 223.088236][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 223.110688][ T52] veth1_macvtap: left promiscuous mode [ 223.116509][ T52] veth0_macvtap: left promiscuous mode [ 223.122146][ T52] veth1_vlan: left promiscuous mode [ 223.127633][ T52] veth0_vlan: left promiscuous mode [ 223.276751][ T5240] Bluetooth: hci3: command tx timeout [ 223.461142][ C1] eth0: bad gso: type: 1, size: 1408 [ 223.514486][ T5240] Bluetooth: hci1: command tx timeout [ 223.632381][ T7066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.662576][ T52] team0 (unregistering): Port device team_slave_1 removed [ 223.844331][ T5240] Bluetooth: hci4: command tx timeout [ 224.121150][ T52] team0 (unregistering): Port device team_slave_0 removed [ 225.281092][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.289237][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.297204][ T7016] bridge_slave_0: entered allmulticast mode [ 225.307542][ T7016] bridge_slave_0: entered promiscuous mode [ 225.352865][ T7016] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.362910][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.370586][ T7016] bridge_slave_1: entered allmulticast mode [ 225.378288][ T7016] bridge_slave_1: entered promiscuous mode [ 225.595874][ T5240] Bluetooth: hci1: command tx timeout [ 225.617887][ T7016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.671185][ T7016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.825083][ T7082] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.963206][ T7016] team0: Port device team_slave_0 added [ 227.252625][ T7016] team0: Port device team_slave_1 added [ 227.452518][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.459736][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.489248][ T7016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.506660][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.513615][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.540053][ T7016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.604446][ T7016] hsr_slave_0: entered promiscuous mode [ 227.611575][ T7016] hsr_slave_1: entered promiscuous mode [ 227.624285][ T7016] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.631924][ T7016] Cannot create hsr debugfs directory [ 227.674400][ T5240] Bluetooth: hci1: command tx timeout [ 227.721449][ T6925] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 227.732900][ T6925] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 227.773760][ T6925] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 227.800838][ T6925] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 227.990294][ T6925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.042407][ T6925] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.137500][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.144705][ T5238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.187635][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.194849][ T5238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.333944][ T6979] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.384108][ T6972] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 228.408627][ T6925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.437748][ T6972] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 228.459976][ T6972] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 228.541174][ T6979] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.594206][ T6972] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 228.738270][ T6979] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.900765][ T6979] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.032305][ T6925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.148187][ T6972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.233865][ T6972] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.245264][ T6979] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 229.257874][ T6979] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 229.349257][ T7016] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.389461][ T6925] veth0_vlan: entered promiscuous mode [ 229.415623][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.422768][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.445975][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.453147][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.481293][ T6979] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 229.496590][ T6979] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 229.522801][ T6925] veth1_vlan: entered promiscuous mode [ 229.617300][ T7016] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.763001][ T7016] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.880281][ T6925] veth0_macvtap: entered promiscuous mode [ 229.951538][ T7016] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.989624][ T6925] veth1_macvtap: entered promiscuous mode [ 230.112968][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.134371][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.167099][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.178203][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.194663][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.213849][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.236256][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.299483][ T6979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.318139][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.344532][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.364244][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.396597][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.430465][ T6925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.454183][ T6925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.487535][ T6925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 230.542718][ T6925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.564512][ T6925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.584609][ T6925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.593333][ T6925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.676409][ T6979] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.702820][ T7016] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 230.812358][ T7016] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 230.840183][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.847411][ T5238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.891455][ T7016] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 230.918839][ T7016] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 230.961253][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.968483][ T5238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.997469][ T6972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.111996][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.142774][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.333636][ T6979] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 231.430906][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.459792][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.591127][ T7016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.793492][ T7167] loop0: detected capacity change from 0 to 256 [ 231.840089][ T7016] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.907370][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.914571][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.969586][ T6972] veth0_vlan: entered promiscuous mode [ 231.991488][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.998728][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.062679][ T6972] veth1_vlan: entered promiscuous mode [ 232.195133][ T6979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.321022][ T6972] veth0_macvtap: entered promiscuous mode [ 232.367187][ T6972] veth1_macvtap: entered promiscuous mode [ 232.476903][ T6979] veth0_vlan: entered promiscuous mode [ 232.521365][ T6979] veth1_vlan: entered promiscuous mode [ 232.577037][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.624788][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.644219][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.666598][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.693214][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.704305][ T7188] fuseblk: Unknown parameter 'use00000000000000000000' [ 232.726246][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.754222][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.781648][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.817173][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.882679][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.914186][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.942898][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 232.977959][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.014201][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.054381][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.084185][ T6972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.121762][ T6972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.147126][ T6972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.210946][ T6972] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.230159][ T6972] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.248731][ T6972] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.279553][ T6972] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.314075][ T6979] veth0_macvtap: entered promiscuous mode [ 233.403819][ T6979] veth1_macvtap: entered promiscuous mode [ 233.431071][ T7016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.465895][ T7179] loop1: detected capacity change from 0 to 32768 [ 233.549487][ T7179] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 233.566862][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.603797][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.614063][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.626384][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.632536][ T7179] XFS (loop1): Ending clean mount [ 233.636727][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.653297][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.672288][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.676996][ T5282] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 233.698245][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.712654][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.726639][ T5282] XFS (loop1): Unmount and run xfs_repair [ 233.734256][ T5282] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 233.740648][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.755134][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.770355][ T5282] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 233.772779][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.792384][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.802645][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.807554][ T5282] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 233.822011][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.822033][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.822051][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.822069][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.822084][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.822097][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.822111][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.823810][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.859465][ T5282] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 233.965838][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.003825][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.043160][ T5282] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 234.043954][ T6979] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.074053][ T5282] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 234.092144][ T6979] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.101259][ T5282] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 234.110382][ T6979] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.119537][ T5282] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 234.128573][ T6979] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.137741][ T5282] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 234.291535][ T7179] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 234.321581][ T7179] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 234.337008][ T7179] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 234.383540][ T7016] veth0_vlan: entered promiscuous mode [ 234.406380][ C1] eth0: bad gso: type: 1, size: 1408 [ 234.432917][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 234.477795][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.506687][ T7016] veth1_vlan: entered promiscuous mode [ 234.514279][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.734513][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.787282][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.851879][ T7016] veth0_macvtap: entered promiscuous mode [ 234.915015][ T7016] veth1_macvtap: entered promiscuous mode [ 235.027068][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.053193][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.104270][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.150618][ T7250] netlink: 'syz.1.355': attribute type 10 has an invalid length. [ 235.155338][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.178966][ T7250] netlink: 132 bytes leftover after parsing attributes in process `syz.1.355'. [ 235.193220][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.217993][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.228396][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.257201][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.286065][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.324421][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.351835][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.383980][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.412421][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.433062][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.451657][ T1307] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.459738][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.471510][ T1307] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.475099][ T7258] loop1: detected capacity change from 0 to 256 [ 235.480123][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.500975][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.513964][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.533461][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.553032][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.596562][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.627904][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.663142][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.696634][ T7016] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.711900][ T7016] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.734025][ T7016] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.794460][ T7016] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.825225][ T7016] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.853713][ T7016] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.866518][ T7016] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.110939][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.139947][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.280993][ T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.302851][ T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.442093][ T7265] fuseblk: Unknown parameter 'use00000000000000000000' [ 237.861989][ T7288] fuseblk: Unknown parameter 'user_id00000000000000000000' [ 238.274814][ T7294] netlink: 'syz.3.366': attribute type 10 has an invalid length. [ 238.326989][ T7294] netlink: 132 bytes leftover after parsing attributes in process `syz.3.366'. [ 238.993429][ T7284] loop1: detected capacity change from 0 to 32768 [ 239.189861][ T7284] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 239.314878][ T7310] loop4: detected capacity change from 0 to 256 [ 239.512606][ T7284] XFS (loop1): Ending clean mount [ 239.543744][ T5238] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x160/0x230, xfs_agfl block 0x3 [ 239.555988][ T5238] XFS (loop1): Unmount and run xfs_repair [ 239.561842][ T5238] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 239.570420][ T5238] 00000000: 58 41 46 4c 00 00 00 00 00 00 00 00 00 00 80 86 XAFL............ [ 239.581233][ T5238] 00000010: af d4 a8 f7 47 a7 4b ab 00 00 00 00 00 00 00 00 ....G.K......... [ 239.606477][ T5238] 00000020: 5e fe 9e 73 ff ff ff ff 00 00 02 0a 00 00 02 0b ^..s............ [ 239.630626][ T5238] 00000030: 00 00 02 0c 00 00 02 0d 00 00 02 0e 00 00 02 0f ................ [ 239.659861][ T5238] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 239.686187][ T5238] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 239.710109][ T5238] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 239.731608][ T5238] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 239.775599][ T7284] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x273/0x4c0" at daddr 0x3 len 1 error 74 [ 239.840137][ T7284] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x663/0xad0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 240.099049][ T7284] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 241.062981][ T35] bridge_slave_1: left allmulticast mode [ 241.070294][ T5223] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 241.079935][ T35] bridge_slave_1: left promiscuous mode [ 241.114826][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.283582][ T35] bridge_slave_0: left allmulticast mode [ 241.440991][ T35] bridge_slave_0: left promiscuous mode [ 241.645428][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.135179][ T7341] netlink: 'syz.2.378': attribute type 10 has an invalid length. [ 242.174538][ T7341] netlink: 132 bytes leftover after parsing attributes in process `syz.2.378'. [ 243.285233][ T7358] loop3: detected capacity change from 0 to 256 [ 243.478683][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.551481][ T7364] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.702656][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.144718][ T35] bond0 (unregistering): Released all slaves [ 245.214915][ C1] eth0: bad gso: type: 1, size: 1408 [ 246.234229][ T35] hsr_slave_0: left promiscuous mode [ 246.271212][ T35] hsr_slave_1: left promiscuous mode [ 246.312614][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.353239][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.381144][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.403585][ T7388] fuseblk: Bad value for 'fd' [ 246.408397][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.514340][ T35] veth1_macvtap: left promiscuous mode [ 246.535161][ T35] veth0_macvtap: left promiscuous mode [ 246.563644][ T35] veth1_vlan: left promiscuous mode [ 246.582644][ T35] veth0_vlan: left promiscuous mode [ 247.461960][ T7403] loop3: detected capacity change from 0 to 2048 [ 247.594125][ T7403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 247.862772][ T7390] loop4: detected capacity change from 0 to 32768 [ 247.935418][ T7390] jfs: Unrecognized mount option "gid=0x0000000000000000" or missing value [ 248.119018][ T7418] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 248.184531][ T7399] Falling back ldisc for ptm0. [ 249.152844][ C1] eth0: bad gso: type: 1, size: 1408 [ 249.387546][ T7408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 249.815720][ T7016] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.916603][ T7428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.274562][ C0] DEBUG: holding rtnl_mutex for 520 jiffies. [ 251.281129][ C0] task:kworker/u8:2 state:R running task stack:19856 pid:35 tgid:35 ppid:2 flags:0x00004000 [ 251.292996][ C0] Workqueue: netns cleanup_net [ 251.297847][ C0] Call Trace: [ 251.301147][ C0] [ 251.304106][ C0] __schedule+0x1800/0x4a60 [ 251.308722][ C0] ? __pfx___schedule+0x10/0x10 [ 251.313616][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 251.318906][ C0] ? mark_lock+0x9a/0x360 [ 251.323300][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 251.328473][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 251.334267][ C0] irqentry_exit+0x5e/0x90 [ 251.338722][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 251.344254][ C0] RIP: 0010:synchronize_rcu+0x0/0x360 [ 251.349652][ C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 65 38 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 251.369335][ C0] RSP: 0018:ffffc90000ab75d8 EFLAGS: 00000206 [ 251.375480][ C0] RAX: dffffc0000000000 RBX: 1ffff92000156ec4 RCX: ffffffff94f2f903 [ 251.383476][ C0] RDX: 0000777d5931ae01 RSI: ffffffff8c0ae240 RDI: ffffffff8c607c40 [ 251.391489][ C0] RBP: ffffc90000ab76b8 R08: ffffffff8142a345 R09: 1ffffffff202faed [ 251.399513][ C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: ffffffff94f1aeb8 [ 251.407545][ C0] R13: 1ffff92000156ec0 R14: 0000000000000a02 R15: ffffc90000ab7620 [ 251.415590][ C0] ? __phys_addr+0x105/0x170 [ 251.420210][ C0] lockdep_unregister_key+0x4b7/0x540 [ 251.425639][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 251.431565][ C0] ? rcu_is_watching+0x15/0xb0 [ 251.436382][ C0] ? qdisc_reset+0x3bf/0x5b0 [ 251.441010][ C0] __qdisc_destroy+0x165/0x410 [ 251.445829][ C0] dev_shutdown+0x357/0x450 [ 251.450368][ C0] unregister_netdevice_many_notify+0x97b/0x1c40 [ 251.456763][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 251.463574][ C0] ? unregister_netdevice_queue+0x26b/0x370 [ 251.469550][ C0] ? batadv_softif_destroy_netlink+0x1e3/0x270 [ 251.475780][ C0] default_device_exit_batch+0xa0f/0xa90 [ 251.481457][ C0] ? __pfx___might_resched+0x10/0x10 [ 251.486825][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 251.493005][ C0] ? cfg802154_pernet_exit+0xc3/0xe0 [ 251.498316][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 251.504509][ C0] cleanup_net+0x89d/0xcc0 [ 251.508971][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 251.513963][ C0] ? process_scheduled_works+0x945/0x1830 [ 251.519758][ C0] process_scheduled_works+0xa2c/0x1830 [ 251.525418][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 251.531422][ C0] ? assign_work+0x364/0x3d0 [ 251.536029][ C0] worker_thread+0x86d/0xd40 [ 251.540627][ C0] ? __kthread_parkme+0x169/0x1d0 [ 251.545666][ C0] ? __pfx_worker_thread+0x10/0x10 [ 251.550780][ C0] kthread+0x2f0/0x390 [ 251.554891][ C0] ? __pfx_worker_thread+0x10/0x10 [ 251.560067][ C0] ? __pfx_kthread+0x10/0x10 [ 251.564771][ C0] ret_from_fork+0x4b/0x80 [ 251.569326][ C0] ? __pfx_kthread+0x10/0x10 [ 251.574026][ C0] ret_from_fork_asm+0x1a/0x30 [ 251.579043][ C0] [ 251.582194][ C0] DEBUG: waiting rtnl_mutex for 526 jiffies. [ 251.588319][ C0] task:kworker/0:4 state:D stack:21520 pid:5282 tgid:5282 ppid:2 flags:0x00004000 [ 251.598676][ C0] Workqueue: events linkwatch_event [ 251.603982][ C0] Call Trace: [ 251.607376][ C0] [ 251.610335][ C0] __schedule+0x1800/0x4a60 [ 251.614920][ C0] ? __pfx___schedule+0x10/0x10 [ 251.619827][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 251.625886][ C0] ? __pfx_lock_release+0x10/0x10 [ 251.630950][ C0] ? kick_pool+0x45c/0x620 [ 251.635428][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 251.640656][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 251.645916][ C0] ? schedule+0x90/0x320 [ 251.650192][ C0] schedule+0x14b/0x320 [ 251.654410][ C0] schedule_preempt_disabled+0x13/0x30 [ 251.659911][ C0] __mutex_lock+0x6a4/0xd70 [ 251.664477][ C0] ? __mutex_lock+0x527/0xd70 [ 251.669193][ C0] ? linkwatch_event+0xe/0x60 [ 251.673909][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 251.679007][ C0] ? get_rtnl_holder+0x144/0x190 [ 251.683982][ C0] ? process_scheduled_works+0x945/0x1830 [ 251.689767][ C0] linkwatch_event+0xe/0x60 [ 251.694436][ C0] process_scheduled_works+0xa2c/0x1830 [ 251.700064][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 251.706136][ C0] ? assign_work+0x364/0x3d0 [ 251.710761][ C0] worker_thread+0x86d/0xd40 [ 251.715420][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 251.721346][ C0] ? __kthread_parkme+0x169/0x1d0 [ 251.726448][ C0] ? __pfx_worker_thread+0x10/0x10 [ 251.731595][ C0] kthread+0x2f0/0x390 [ 251.735711][ C0] ? __pfx_worker_thread+0x10/0x10 [ 251.740854][ C0] ? __pfx_kthread+0x10/0x10 [ 251.745491][ C0] ret_from_fork+0x4b/0x80 [ 251.749943][ C0] ? __pfx_kthread+0x10/0x10 [ 251.754585][ C0] ret_from_fork_asm+0x1a/0x30 [ 251.759401][ C0] [ 251.762445][ C0] [ 251.762445][ C0] Showing all locks held in the system: [ 251.770197][ C0] 4 locks held by kworker/u8:2/35: [ 251.775733][ C0] 2 locks held by kworker/u8:4/61: [ 251.780913][ C0] 5 locks held by kworker/u8:11/3029: [ 251.786328][ C0] 1 lock held by udevd/4681: [ 251.790933][ C0] 2 locks held by getty/4984: [ 251.795644][ C0] #0: ffff88802b4e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 251.805483][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 251.815669][ C0] 3 locks held by kworker/0:4/5282: [ 251.820880][ C0] #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 251.831946][ C0] #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 251.842932][ C0] #2: ffffffff8fc81d48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 251.851915][ C0] 4 locks held by syz-executor/6925: [ 251.857201][ C0] 4 locks held by syz-executor/6972: [ 251.862475][ C0] [ 251.864807][ C0] ============================================= [ 251.864807][ C0] [ 252.298728][ T7448] fuseblk: Bad value for 'fd' [ 252.884165][ C0] DEBUG: holding rtnl_mutex for 681 jiffies. [ 252.890286][ C0] task:kworker/u8:2 state:R running task stack:19856 pid:35 tgid:35 ppid:2 flags:0x00004000 [ 252.902102][ C0] Workqueue: netns cleanup_net [ 252.906956][ C0] Call Trace: [ 252.910263][ C0] [ 252.913217][ C0] __schedule+0x1800/0x4a60 [ 252.917788][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 252.923802][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 252.930220][ C0] ? stack_depot_save_flags+0x29/0x830 [ 252.935741][ C0] ? __pfx___schedule+0x10/0x10 [ 252.940624][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 252.945884][ C0] ? mark_lock+0x9a/0x360 [ 252.950254][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 252.955429][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 252.961189][ C0] irqentry_exit+0x5e/0x90 [ 252.965662][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 252.971191][ C0] RIP: 0010:synchronize_rcu+0x0/0x360 [ 252.976636][ C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 65 38 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 252.996298][ C0] RSP: 7620:0000000000000a03 EFLAGS: 1ffff92000156ec0 [ 253.003102][ C0] ================================================================== [ 253.011155][ C0] BUG: KASAN: stack-out-of-bounds in __show_regs+0xa6/0x610 [ 253.018435][ C0] Read of size 8 at addr ffffc90000ab7578 by task syz.4.407/7439 [ 253.026141][ C0] [ 253.028466][ C0] CPU: 0 UID: 0 PID: 7439 Comm: syz.4.407 Not tainted 6.11.0-rc1-next-20240729-syzkaller #0 [ 253.038525][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 253.048576][ C0] Call Trace: [ 253.051849][ C0] [ 253.054686][ C0] dump_stack_lvl+0x241/0x360 [ 253.059368][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.064564][ C0] ? __pfx__printk+0x10/0x10 [ 253.069160][ C0] ? _printk+0xd5/0x120 [ 253.073322][ C0] print_report+0x169/0x550 [ 253.077821][ C0] ? __virt_addr_valid+0xbd/0x530 [ 253.082838][ C0] ? __show_regs+0xa6/0x610 [ 253.087337][ C0] kasan_report+0x143/0x180 [ 253.091832][ C0] ? show_opcodes+0x148/0x170 [ 253.096511][ C0] ? __show_regs+0xa6/0x610 [ 253.101021][ C0] __show_regs+0xa6/0x610 [ 253.105355][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 253.110985][ C0] ? wq_watchdog_touch+0xef/0x180 [ 253.116008][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 253.121636][ C0] show_trace_log_lvl+0x3d4/0x520 [ 253.126672][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 253.131956][ C0] sched_show_task+0x506/0x6d0 [ 253.136717][ C0] ? report_rtnl_holders+0x2a5/0x400 [ 253.142000][ C0] ? __pfx__printk+0x10/0x10 [ 253.146586][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 253.151868][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 253.157759][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 253.164103][ C0] report_rtnl_holders+0x327/0x400 [ 253.169231][ C0] call_timer_fn+0x18e/0x650 [ 253.173821][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.179454][ C0] ? call_timer_fn+0xc0/0x650 [ 253.184132][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.189775][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 253.194887][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.200522][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.206153][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.211784][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 253.216978][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 253.222177][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.227811][ C0] __run_timer_base+0x66a/0x8e0 [ 253.232669][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 253.238056][ C0] run_timer_softirq+0xb7/0x170 [ 253.242903][ C0] handle_softirqs+0x2c4/0x970 [ 253.247675][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 253.252444][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 253.257728][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 253.262928][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 253.267517][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 253.272715][ C0] irq_exit_rcu+0x9/0x30 [ 253.276952][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 253.282581][ C0] [ 253.285504][ C0] [ 253.288424][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 253.294401][ C0] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 253.300199][ C0] Code: c9 50 e8 39 b8 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 e0 b8 5f 0a e8 fb 85 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 253.319805][ C0] RSP: 0000:ffffc9000374fca8 EFLAGS: 00000286 [ 253.325876][ C0] RAX: 3e1b8c438cf29800 RBX: ffff888029a01e00 RCX: ffffffff94f2f903 [ 253.333840][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0ad560 RDI: ffffffff8c607c40 [ 253.341803][ C0] RBP: ffffc9000374fcf0 R08: ffffffff9017d76f R09: 1ffffffff202faed [ 253.349770][ C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: 1ffff11017247ef3 [ 253.357740][ C0] R13: dffffc0000000000 R14: ffff8880b923ea00 R15: ffff8880b923f798 [ 253.365713][ C0] ? finish_task_switch+0x1e5/0x870 [ 253.370910][ C0] __schedule+0x1808/0x4a60 [ 253.375421][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 253.381753][ C0] ? __pfx___schedule+0x10/0x10 [ 253.386605][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 253.392585][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 253.398916][ C0] schedule+0x14b/0x320 [ 253.403089][ C0] irqentry_exit_to_user_mode+0xe7/0x280 [ 253.408739][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 253.414211][ C0] RIP: 0033:0x7fa58de4f44b [ 253.418641][ C0] Code: 83 eb 08 49 8b 04 24 48 8b 0b 31 f6 48 89 dd 4c 89 e7 4c 29 e5 48 89 03 48 89 ea 48 c1 fa 03 e8 9b fa ff ff 48 83 fd 08 7f d5 <48> 83 c4 08 5b 5d 41 5c 41 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 [ 253.438256][ C0] RSP: 002b:00007ffe17ebdc00 EFLAGS: 00000283 [ 253.444333][ C0] RAX: 0000000000000078 RBX: 00007fa58d6655c0 RCX: ffffffff81423d45 [ 253.452296][ C0] RDX: 0000000000000012 RSI: 00007fa58d665638 RDI: 00007fa58d6655c0 [ 253.460259][ C0] RBP: 00007fa58d665550 R08: 00007fa58d6655c0 R09: 00007fa58e0f2000 [ 253.468221][ C0] R10: 0000000081cd36d0 R11: 000000000000000d R12: 00007fa58d6655c0 [ 253.476184][ C0] R13: 0000000000000012 R14: 00007fa58d601008 R15: ffffffffffffffff [ 253.484155][ C0] ? fixup_exception+0x85/0x1cc0 [ 253.489100][ C0] [ 253.492114][ C0] [ 253.494433][ C0] The buggy address belongs to the virtual mapping at [ 253.494433][ C0] [ffffc90000ab0000, ffffc90000ab9000) created by: [ 253.494433][ C0] copy_process+0x5d1/0x3d90 [ 253.512049][ C0] [ 253.514368][ C0] The buggy address belongs to the physical page: [ 253.520780][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x186cb [ 253.529540][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 253.536654][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 253.545248][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 253.553813][ C0] page dumped because: kasan: bad access detected [ 253.560215][ C0] page_owner tracks the page as allocated [ 253.565916][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 2652945322, free_ts 0 [ 253.583266][ C0] post_alloc_hook+0x1f3/0x230 [ 253.588047][ C0] get_page_from_freelist+0x2e4c/0x2f10 [ 253.593584][ C0] __alloc_pages_noprof+0x256/0x6c0 [ 253.598773][ C0] alloc_pages_mpol_noprof+0x3e8/0x680 [ 253.604227][ C0] __vmalloc_node_range_noprof+0x971/0x1460 [ 253.610114][ C0] dup_task_struct+0x444/0x8c0 [ 253.614875][ C0] copy_process+0x5d1/0x3d90 [ 253.619467][ C0] kernel_clone+0x226/0x8f0 [ 253.623972][ C0] kernel_thread+0x1bc/0x240 [ 253.628578][ C0] kthreadd+0x60d/0x810 [ 253.632740][ C0] ret_from_fork+0x4b/0x80 [ 253.637158][ C0] ret_from_fork_asm+0x1a/0x30 [ 253.641920][ C0] page_owner free stack trace missing [ 253.647274][ C0] [ 253.649589][ C0] Memory state around the buggy address: [ 253.655210][ C0] ffffc90000ab7400: f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 [ 253.663261][ C0] ffffc90000ab7480: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 253.671311][ C0] >ffffc90000ab7500: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3 [ 253.679363][ C0] ^ [ 253.687329][ C0] ffffc90000ab7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.695378][ C0] ffffc90000ab7600: f1 f1 f1 f1 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 [ 253.703422][ C0] ================================================================== [ 253.711507][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 253.718708][ C0] CPU: 0 UID: 0 PID: 7439 Comm: syz.4.407 Not tainted 6.11.0-rc1-next-20240729-syzkaller #0 [ 253.728795][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 253.738906][ C0] Call Trace: [ 253.742202][ C0] [ 253.745062][ C0] dump_stack_lvl+0x241/0x360 [ 253.749771][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.754998][ C0] ? __pfx__printk+0x10/0x10 [ 253.759628][ C0] ? vscnprintf+0x5d/0x90 [ 253.763996][ C0] panic+0x349/0x870 [ 253.767924][ C0] ? check_panic_on_warn+0x21/0xb0 [ 253.773058][ C0] ? __pfx_panic+0x10/0x10 [ 253.777503][ C0] ? mark_lock+0x9a/0x360 [ 253.781861][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 253.787795][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 253.793715][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 253.800113][ C0] ? print_report+0x502/0x550 [ 253.804818][ C0] check_panic_on_warn+0x86/0xb0 [ 253.809788][ C0] ? __show_regs+0xa6/0x610 [ 253.814327][ C0] end_report+0x77/0x160 [ 253.818588][ C0] kasan_report+0x154/0x180 [ 253.823106][ C0] ? show_opcodes+0x148/0x170 [ 253.827812][ C0] ? __show_regs+0xa6/0x610 [ 253.832338][ C0] __show_regs+0xa6/0x610 [ 253.836703][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 253.842361][ C0] ? wq_watchdog_touch+0xef/0x180 [ 253.847426][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 253.853084][ C0] show_trace_log_lvl+0x3d4/0x520 [ 253.858147][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 253.863458][ C0] sched_show_task+0x506/0x6d0 [ 253.868250][ C0] ? report_rtnl_holders+0x2a5/0x400 [ 253.873569][ C0] ? __pfx__printk+0x10/0x10 [ 253.878192][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 253.883521][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 253.889451][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 253.895819][ C0] report_rtnl_holders+0x327/0x400 [ 253.900961][ C0] call_timer_fn+0x18e/0x650 [ 253.905568][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.911224][ C0] ? call_timer_fn+0xc0/0x650 [ 253.915919][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.921575][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 253.926710][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.932375][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.938046][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.943700][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 253.948930][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 253.954167][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 253.959826][ C0] __run_timer_base+0x66a/0x8e0 [ 253.964721][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 253.970124][ C0] run_timer_softirq+0xb7/0x170 [ 253.974987][ C0] handle_softirqs+0x2c4/0x970 [ 253.979782][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 253.984581][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 253.989901][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 253.995141][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 253.999765][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 254.005003][ C0] irq_exit_rcu+0x9/0x30 [ 254.009275][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 254.014944][ C0] [ 254.017889][ C0] [ 254.020834][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 254.026845][ C0] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 254.032673][ C0] Code: c9 50 e8 39 b8 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 e0 b8 5f 0a e8 fb 85 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 254.052304][ C0] RSP: 0000:ffffc9000374fca8 EFLAGS: 00000286 [ 254.058423][ C0] RAX: 3e1b8c438cf29800 RBX: ffff888029a01e00 RCX: ffffffff94f2f903 [ 254.066419][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0ad560 RDI: ffffffff8c607c40 [ 254.074407][ C0] RBP: ffffc9000374fcf0 R08: ffffffff9017d76f R09: 1ffffffff202faed [ 254.082396][ C0] R10: dffffc0000000000 R11: fffffbfff202faee R12: 1ffff11017247ef3 [ 254.090385][ C0] R13: dffffc0000000000 R14: ffff8880b923ea00 R15: ffff8880b923f798 [ 254.098384][ C0] ? finish_task_switch+0x1e5/0x870 [ 254.103610][ C0] __schedule+0x1808/0x4a60 [ 254.108157][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 254.114506][ C0] ? __pfx___schedule+0x10/0x10 [ 254.119365][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 254.125360][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 254.131698][ C0] schedule+0x14b/0x320 [ 254.135861][ C0] irqentry_exit_to_user_mode+0xe7/0x280 [ 254.141507][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 254.146964][ C0] RIP: 0033:0x7fa58de4f44b [ 254.151379][ C0] Code: 83 eb 08 49 8b 04 24 48 8b 0b 31 f6 48 89 dd 4c 89 e7 4c 29 e5 48 89 03 48 89 ea 48 c1 fa 03 e8 9b fa ff ff 48 83 fd 08 7f d5 <48> 83 c4 08 5b 5d 41 5c 41 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 [ 254.170991][ C0] RSP: 002b:00007ffe17ebdc00 EFLAGS: 00000283 [ 254.177068][ C0] RAX: 0000000000000078 RBX: 00007fa58d6655c0 RCX: ffffffff81423d45 [ 254.185042][ C0] RDX: 0000000000000012 RSI: 00007fa58d665638 RDI: 00007fa58d6655c0 [ 254.193011][ C0] RBP: 00007fa58d665550 R08: 00007fa58d6655c0 R09: 00007fa58e0f2000 [ 254.200984][ C0] R10: 0000000081cd36d0 R11: 000000000000000d R12: 00007fa58d6655c0 [ 254.208956][ C0] R13: 0000000000000012 R14: 00007fa58d601008 R15: ffffffffffffffff [ 254.216938][ C0] ? fixup_exception+0x85/0x1cc0 [ 254.221888][ C0] [ 254.225251][ C0] Kernel Offset: disabled [ 254.229576][ C0] Rebooting in 86400 seconds..