last executing test programs:

8.04079786s ago: executing program 2:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "763d25e1"}]}}, 0x0}, 0x0)

6.058842741s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48)
r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000080)={0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000900)=@filter={'filter\x00', 0x2, 0x4, 0x580, 0xffffffff, 0x0, 0x0, 0x278, 0xfeffffff, 0xffffffff, 0x4b0, 0x4b0, 0x4b0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7fffffff, 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'ipvlan1\x00', 'vxcan1\x00'}, 0x0, 0x118, 0x188, 0x0, {}, [@common=@hbh={{0x48}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "ddabf53d9b1435965491f65318776d8001e770b667f173dfa40b58c10327e3121114449fd20ba2be6e45cae72a972f25170163232ed996b4789b9d00"}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @multicast2}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @mcast2, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @mcast1, @loopback, @rand_addr=' \x01\x00', @mcast1, @mcast2, @empty, @private1, @mcast2]}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
statfs(&(0x7f0000000180)='./file0\x00', 0x0)
ioctl$EVIOCSKEYCODE_V2(r2, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"})
unshare(0x68060200)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000240)={[{@errors_continue}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@oldalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@lazytime}, {@jqfmt_vfsold}, {@dax}, {@data_err_abort}]}, 0x1, 0x60b, &(0x7f0000001500)="$eJzs3c9rXNUeAPDvnUzSpOl7Scvjvde3eB14PFp4r0mTto/wcNFupYT6AzdujE1aa9M2NBFNFZpi3QjiRkRwJWj9L7TYbVe6cuFCQZBCUelScGRm7k0zk5kkkya5offzgWnOvWfuPWc6+eaee+acMwEUVqX2TyniYETMJRFDydJyXjnSzErjeQ9/fetc7ZFEtfrcz0kk6b7s+Un6czA9uD8ivv4qiQM9q8udX7x+aWp2duZauj26cHludH7x+tGLl6cuzFyYuTL+v/GJcpycGDu2qdd1o82+M7defX3o3ckXP/v4t2Ts8+8mkzgVT6dPXPk6Ouvvqg6VqNT/T5LVWYMTXZ1p9+pJf09WvsVJOccK0ZXs/euNiL/FUPTEozdvKN55JtfKAduqmkRUgYJKxD8UVNYOyO7tW++DS7m0SoCd8OB0owNgdfyXG32D0V/vG9j7MImV3TpJRGyuZ67Zvoi4d3fy1vm7k7diw/1wwFZYuhkRf28X/0k9/oejP4br8V9qiv9au+Bs+rO2/9lNlt/aVSz+Yec04r9/zfiPDvH/UuNjg7qX25797R/XKb6/8ij9ykBT/A+sc6g7EwAAAAAAAGh153RE/Lfd5/+l5fE/0Wb8z56IOLUF5Vdatld//l+6vwXFAG08OB3xVNvxv6XsM/bhnjT1p/p4gN7k/MXZmWMR8eeIOBK9e2rbY2uUcfS9Ax91yquk4/+yR638e+lYwLQe98t7mo+ZnlqYetzXDUQ8uBnxj7bjf5Pl63/S5vpf+3swt8EyDvz79tlOeevHP7Bdqp9EHG57/X+0akXSaX2OkydOTowdG623B0azVsFq/3zz/S8aqdXrZ2w2/i0xAY+vdv3fu3b8Dycr1+uZ776M44vlaqe8zbb/+5Ln60vO9KX73phaWLg2FtGXnOmp7W3aP959neFJlMVDFi+1+D/yr7X7/9q1/wciYqnl3MkvzXOKM3/9ffCHTvXR/of81OJ/uqvrf/eJ8dvDX2YnO9WyGN7Grv8n6tf6I+ke/X/Q8GEWT33N+9uEY7ld1k7XFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeBKWI2BdJaWQ5XSqNjEQMRsRfYm9p9ur8wn/OX33tynQtr/79/6Xsm36HGttJ9v3/wyu2x1u2j0fE/oj4oGegvj1y7ursdN4vHgAAAAAAAAAAAAAAAAAAAHaJwdXz/78fTPN+6sm5csD2K+ddASA3beL/mzzqAew8138oLvEPxSX+objEPxSX+IfiEv9QXOIfikv8AwAAAADAE2X/oTvfJhGx9P+B+qOmL83rzbVmwHYr5V0BIDeW+IHiMvQHiss9PpCsk9/f8aD1jlzL3LnHOBgAAAAAAAAAAAAACufwQfP/oajM/4fiMv8fiiub/38o53oAO889PhDrzORvO/9/3aMAAAAAAAAAAAAAgK00v3j90tTs7Mw1iRdyLb0UEVtxnko3T65WqzdqvwW75S3YeOLT3VGN5kQ2FH631Kclkc3129hR+f1NAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0RAAD//0gcJOU=")
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r5, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty}, 0x2a0})
ioctl$sock_inet_SIOCDELRT(r5, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @empty}, 0xab852ebbeefbd6b1})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r7}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x200000000000000)

5.145830051s ago: executing program 1:
syz_mount_image$vfat(&(0x7f0000000580), &(0x7f0000000180)='./file0\x00', 0x1000802, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c6e6f6e756d7461696c003130dbbb3121258e322c262b537fdd0000006e695f7804590000000000003d312c696f63686172538c6c90392bc69373686f72746e616d65653ff959f53d6d697865642c636f6465706167653d3821332c696f63686172736500000000313238312c007e3db5a829498e2a721ae5804ff8ccb41eff157cfdfcef90a6010100003ceeeac934b3165b4a0ea182cdd0666ab32f2d041a99ac9fc865ba946f1bb7759d02742dfcc68937ff86d7a54d6de8823119c767d45d6047209f4436383e7c37b59a34407d4a0e6a382108ddd52580281f1d8ad71c4ceafb49960f1429b090d1429f519f9c2b0cb88ffa6fc04fa61c275bf560b9eeeb2d0c8b3ddeb56783f9908c21cf9b2ba0b76b9b60c991bb17c7d0accad1cdaf3259b7dc405d72e2bc3abe0cf37bda3dbfc05e2e55f8aa272b5ea736019c3c0a9b34115a445e0c5da1bd7352ec9529f5caa71f1ae71b36b500c79fffb487ed081232b5d93d3162c7f71f4d5756c9e5442fa3692127266a0c15dac9171edda86b148d17a48d4d90470e79620eeab5acf6f78f807298315e2b80fe1874098d75ab47837a96699e2a7db456f2a4368bece813135ed970951c7471ac16703820a799421cb24f32a5f49ab45bec637c38bcbdae4da3a05f96b2161cce8f6f7f3dd8d06352eb387997b498a732d8442115755ff14d508891abd401b3cafcba75a6901fbe08002674d8663b8c40e9cf13fa4c4a092cb8004a1d2a6fe18cd5d702493d52a7110b17e64b9fa22fb3ace98b9ca35cb98c65f0902dd430373f6ae43c4a60c423b6f65b5ecc2093698072abc857ab2d36a261a7fc5776d39c3d5d5fad291c88ff9726d5ee32c6bcac1799ade9459eb39b56d985d29b988c72c9ad7e82b589f454a58d7cd5ace9436cf69acc217737c863d8938cc95767a0c9b14cb79f5b45ea2408d1da65a2ed8cf55ac8953e5b6a2008336707ca72e7211dafa5fa41880a237c267082fdabb5e8913da2"], 0x1, 0x22a, &(0x7f0000000800)="$eJzs3TFrU10YB/AnbUr7Fl7SQSiK4BX30FbcU6SCGFCUDDpZbIvS1IKFgg5tnfwS+hV0dBUcxNUvIIJUwaV16iBE6q1JG5LYWpMr5vdb8nDv+d/z3CTkkCEnt08vLc4tryxsb2/GyEhuKF+KUuzkYiwGYjBSGwEA/Et2arXYqqWy7gUA6A3rPwD0n07rf26jfuxa7zsDALrF938A6D83bt66Ml0uz1zfSkYilp6sVlYr6WN6fnoh7kU15mMiCvEtolaX1pcul2cmkl2fxqKytL6XX1+tDB7MT0YhxlrnJ5PUwfxQjO7l34/GfExFIU60zk+1yg9FxLl98xejEO/uxHJUYy52s4382mSSXLxabpp/+Mc4AAAAAAAAAAAAAAAAAAAAAADohmJS13L/nmKx3fk0v39/oP867g/UvL9PPk7ls713AAAAAAAAAAAAAAAAAAAA+FusPHy0OFutzj/oVNx/+/z1r8YcssjtzXvc6xy/+P/sx6ftxzw+yvPzZ4tXZ3o86XBEHDX1ZvPuyfMr4xfajYl813oe+J0X5Ushokv9vPhZlL5m+X5uKgabj4w/K82+XPvw+bDXyfBDCQAAAAAAAAAAAAAAAAAA+lTjR79ZdwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2Wn8/3/Xio2s7xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL4HAAD//9lkp1I=")
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setuid(r2)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, 0x0)

5.013576812s ago: executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x0, 0x0, 0x3, 0x3}, 0x20)

4.940718314s ago: executing program 4:
r0 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5f4ac7c4216632f8bdb81e2058edd7db", 0x10)

4.821067013s ago: executing program 1:
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x2000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x0)
r1 = epoll_create(0x3f)
r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100))
r4 = fcntl$dupfd(r3, 0x0, r1)
ppoll(&(0x7f00000000c0)=[{r4}], 0x1, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
io_uring_setup(0x354a, &(0x7f0000000480))
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000240)={0x18, 0x0, {0x3, @dev, 'syz_tun\x00'}}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/234)
ioctl$PPPIOCGFLAGS1(r6, 0x40047435, &(0x7f0000000280))

4.770924518s ago: executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlockall(0x7)
munlockall()
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, 0x0)
syz_mount_image$reiserfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000), 0x81, 0x1123, &(0x7f0000001240)="$eJzs2DtrFFEUB/D/naxmV4WR2A+WFrIEtvdRKGxrq1gYrOyylRIwH8bGzg8iqexDarVIL4zMzj4ILBHJA8Tfr5kz5577Ks8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdAbJj5Lcq5KdZa5KUpKmOZqeJGmW+btftzIsefF2Onu2P3k+W5RWKS+T0oUpnx/1tZOdSbswe//hXYbJ/nzgze2SJsenyetLu8T2Kto6p6o74LALRpe2MQAAAPwT2gurU1arndNYf7lzRfsDAAAAf3IVbwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf6Ot13FZBlX/0zRH05MkzYZ5N67pfAAAAMDFlVR5VW/K988AvS56mG91WeXb3uMqu/lUZzQvG+TMjIV+LL/adsMgAAAA/Ifa7fnnfsrhuk0uN8vhsu9+kME6P68cZDzu/8eLBvzn03y/lQx3z649epL2Y3Kwd3x6sFfarWu7FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2YFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXBUAAP//XNrmJQ==")
syz_io_uring_submit(0x0, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x0)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x24008883}, 0x0)

4.654193534s ago: executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0xc9c0)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000340)="d092040059ebf6d2ccf950132fd4422e36e57bdf87cd9761ee5fb29922165d07ea251a054ae8b91511c8254a98b2b69a8f897ffc18200797afd0f71c482bb759e04a983ec55d99ee063d64bb572263812b194e9cac49d6a529e0a3b250c906cfbc376388098362bf6980c90c67fd719e5c01e8ca13731f8fcb8a80346d9333fb4e8864d3cd3f9021041012c9e2edf99e63a0cade27624e91b1bcceb06aca4debf538f87bc93d5303677937c0d2f2f6b429a1871d9373ed301be1905965d0b3302fe30016d60aa199f3c0da909caa097ca32bab7b2d1f63829693c13580366ef9d17d8074a83ae3a5003c8fddd1edf535051490c4490fcfd09dc5fee6fa0e628be99e554a34a4b474935ea2c77b24072b3b4e1ed3917eda4f8ed833cbf24c44eaa683c57cb98d4b3da13378147279c585887180dfd6d8699176f367edede0d022bef2f477ecdc0f03a2ba66327cf05e16d86a541bde32ef3052fdaf1ade877d1749728451c1738f9e31279918cdf33f52aeb62a8ccee5b9c4816e34e4134fd3a923d483dd9c9fbb532d107c7d5964d2bdcde74ce366e1957a112f1852353f88ba296bd029659937011831c3854fcc4a457b9bd63f2291361de94e2192f10b74177350cedd57a5942872749adb335b88bea80b8233a9c36ba85bf411b588bbaa1723c7fa66447a2ed495dc8a19674c8926059dc215b25c5833da9f1e759c9813a9acfeceab2a3a80786ba25adfc1fe02a88cdceadaa62c2f268a1c8d848350a9c2172dda4ac8cc49b2276fcbbc7e2ea814229e14b114fdc89e66a98fa5fd54cb16cebf6cb6d51e38015ca744c15b627bfeca9373c39147765dd487c92c6394912ea82d6aad06d405bb29a311dfee21b6b3fcc4520c1e58d47dfee4c1bb2e2afb2978c8bb747488fbcb8da7b8cd97caea6333a2d19bfda3376b24242cc5a910beb20766251241ffd09cb876ea6f7599c0b4d378077d723c3f60e2bce3144f559c077cde23e0c285519f9db25a898f63a9d1185c1ae25077355fb3f3a9086e6657d6460dde507339e46fb86ebef3a3815a0eb8eea622c9930cdf91648cf4e4b5377e5ffe198b530560bfad125ff068934c3d4a341c621f186a9b5afbfbc0af752e328c8cf3c1e448c523e765ad292f8dcc4cedc3a8086a2c4fe045e9a44cf3ec287992a312bcebf8a2c9daf5876093f389d12b5f83b5c6a4eed6c75a8e3fcfbded659c1fdea76745bb09bc764f44506bbfcd7dc600fc2ce12394945d6e032c330c5c36c2400b996a9676b177f93334f3b0849bf8a7914ddd1972bff495a5ad68eca955271abe770ca7da258a56a9b60727961d5c810445312f23996890c9f7f2b0092658c9c9f001da71887bd4b1088fa84abda66bf2c67c49d20dd1966dd8630ccca69c39b7820cca626f3071026c412424be92f0443209b4f69ed1c0f3322c3c837a89170bbb0094251055eadcc12efab31a353d3b1d8922490dcfa551fbddabc08d19127407b341dc10f5d62f1c3833d73d0fc09c844ff02117f81b36e4daa4f013e82aed829800e4bdd0030c987d122e1754b9c419432c7d68f86a24f8a69c36d0fa0aaeef461d5979223a4f3dd2667a4287f984d3976b462649fbd294fa2dd7fa5711c9c976934b035f1aed32d5482efb4a7355086208fc", 0x498}], 0x1)

3.571365839s ago: executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x2004000, &(0x7f0000000140)=ANY=[@ANYBLOB="473687d3", @ANYRESHEX=0xee01, @ANYBLOB="2c747970653d23faf9892c696f636861727365743d6d616363726f617469616e2c636f6465706167653d61736369692c6469725f756d61736b3d30303030303030303030303030303030303030313737372c00"], 0x3, 0x286, &(0x7f0000000200)="$eJzs3c9qE1EUx/HfnaRtakud/pGCy2rBldi6ETeK9CFciKhNhGKooBXUlbgWcSe4d+dafAE3rsQX0JUrHyC7kXtnkkzi/Gs0uU38fiAhOvfcOaczydwTSCIA/60be9/fX/5pb0aqqSbpqhRIakh1SWe02XhyeHRw1G41iyaquQh7M4ojzR9j9g9bWaE2zkUkQvuvupbT/4fxiKIo+uE7CXjnnv0ZAmkheXa67Y2JZzYeL3wn4JnpqKOnWvGdBwDAr+T6HyTX+eVk/R4E0nZy2Z+p63/HdwKepa7/rsuKjD2+p92mfr/nWji7Peh2iQUz5m6ZV3xmDSwwTVlX6XIJFu8ftFsX9x+2m4Fe6loiNWzD3TfjU7erJNutgmQzlNeeZ8nVMGdr2M3Jf32UPb49fio95ov5am6bUO/U7K3/6pGxh8kdqdAdqbAXEOd/KX9GV2UYj8qpctXt5GyyB336UKHKRnZHou4ZtarBNwjCbp5v5gui1oai4up28qtzUeuZUbslURvDUf2zOT9ydDllDzGvzU2zpV/6qL3U+j+wf+1tVXlm2jFuZHJmFNZTdyPDCokFldJHVXOFW1/pnq5o5fGz5w/uttutR1PxoHYy0pj4g7omsa/uCXMiSp7tB/rreWpa0FhTLXrxWPyXr1PwqH/QtXnLdzLwwa67TNz/pfqV626b7ZNCt06fU9Y6PSqbPDXjTk5vsObuTx2rg1vK7+Cq9lznLkjnC/b4eXDaMMlzRpg9fdMd3v8HAAAAAAAAAAAAAAAAAACYNtU+D7CQjB7t4wSeSwQAAAAAAAAAAAAAAAAAAAAAYOqN//d/U9/qXf77v+5buvn9X2AyfgcAAP//C8h7PA==")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x402)
write$binfmt_script(r1, &(0x7f00000001c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x28011, r1, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0), &(0x7f00000001c0)=0x8)

3.428043346s ago: executing program 4:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@broadcast, 0x2}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r5}, 0x10)
pipe2(&(0x7f00000005c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r6, 0x407, 0x0)
write$FUSE_INIT(r6, &(0x7f0000000340)={0x50}, 0x50)
vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r6, 0x407, 0x2000000)
r7 = socket(0x0, 0x3, 0x100)
sendmmsg$inet(r7, &(0x7f0000005240), 0x264e33, 0x14)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r8, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x28}}, 0x0)

3.385802909s ago: executing program 3:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000000000/0x3000)=nil, 0x1000, 0x0, 0x11, r0, 0x82000000)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3, 0x1c)

3.327777151s ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
socketpair(0xf, 0x3, 0x2, &(0x7f0000000040))

3.039646737s ago: executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000002aec000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000001c0)=r2)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pimreg\x00', 0x8ad5f7d5c4922ed6})
close(r0)

2.662437514s ago: executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x0, 0x0, 0x3, 0x3}, 0x20)

1.957499638s ago: executing program 0:
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000380)={[{@fat=@codepage={'codepage', 0x3d, '874'}}, {@dots}, {@dots}, {@fat=@discard}, {@dots}, {@nodots}, {@fat=@debug}, {@dots}, {@dots}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x40001}}, {@fat=@sys_immutable}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@debug}, {@nodots}, {@fat=@debug}, {@dots}, {@dots}, {@fat=@dmask={'dmask', 0x3d, 0xfffffffffffffffe}}, {@fat=@debug}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x35, 0x62, 0x31, 0x0, 0x36, 0x34, 0x63], 0x2d, [0x62, 0x39, 0x0, 0x5b], 0x2d, [0x38, 0x61, 0x62, 0x33], 0x2d, [0x62, 0x38, 0x37, 0x39], 0x2d, [0x62, 0x61, 0x33, 0x63, 0x64, 0x31, 0x65, 0x44]}}}, {@seclabel}, {@pcr={'pcr', 0x3d, 0x12}}, {@smackfsdef={'smackfsdef', 0x3d, 'batadv_slave_1\x00'}}]}, 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)
r2 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x8000, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000080), 0x4)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000200)="68cabf2dfb58fc0a01008888ffff0200258f", 0x12}], 0x2}, 0x0)

1.926182495s ago: executing program 2:
r0 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="5f4ac7c4216632f8bdb81e2058edd7db", 0x10)

1.906705491s ago: executing program 1:
syz_read_part_table(0x1076, &(0x7f0000000000)="$eJzs0LFNxEAQBdB/xr5bB0hXApUgGkNwdVAACe1QBhn5IK8x4JQAkveC0c5q/tja8K/uampJ6iGZr75uT0u5vvnRVbV98JBD0hNzpn5zf0nOmdOGjDVtc8+9tgxVVf18XFZe3jJk7d9bcvu6bX06bsn10D9xWtY99n7c/8fY6/k78PIZnnZjw+9eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+xkcAAAD//zF0EqI=")
r0 = socket(0x25, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0xe017be05})
epoll_pwait(r1, &(0x7f00000010c0)=[{}], 0x1, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1802000000000000000000000080000085000000bc00000018000000ffff00000000000002000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

1.836915527s ago: executing program 3:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0)
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/219, 0xdb}], 0x4, 0x59, 0x0)

1.616089331s ago: executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
statfs(0x0, 0x0)

1.578217761s ago: executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/cgroup', 0x0, 0x0)
syz_io_uring_setup(0x4b10, 0x0, &(0x7f00000002c0), &(0x7f0000000140))
socket$inet6(0xa, 0x5, 0x10040)
listen(0xffffffffffffffff, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
wait4(0x0, 0x0, 0x0, 0x0)
gettid()
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000080)=""/201, 0xc9}], 0x1, 0x0, 0x0)
lseek(r5, 0x9, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000005c0))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000340)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000100)={r7})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000240)={r8, 0x1, 0xffffffffffffffff, 0x20, 0x80000})

1.577031029s ago: executing program 3:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000020c0)='attr/prev\x00')
r1 = socket$inet(0x2b, 0x801, 0x0)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}})

1.496763903s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000200), &(0x7f00000002c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r1, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000003c0)=[0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, 0x8, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf0, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000940)={0x1b, 0x0, 0x0, 0x1c000000, 0x0, 0xffffffffffffffff, 0x1000, '\x00', r2, 0xffffffffffffffff, 0x1, 0x0, 0x3}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="620ac4ff0000000071101d000000000095000000000000007f5765f3f357c58b77e63bba9dc81ce741aa97d5f2db517308be3cf00a9020addcdc79d7"], &(0x7f0000000480)='GPL\x00'}, 0x80)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='1-01'], 0x31)

1.294777459s ago: executing program 4:
syz_read_part_table(0x5d2, &(0x7f0000000000)="$eJzs27+LI2UYB/DvTJKZBE7zH3iBayyEa21WD+Ruue4ae1sbCztB2QRFQdBGCxsLS6/Zf0DbZbG0WgRZC0E7sbLRfWVmMtksNkJc5ODzIZn3B8/7PO+QN+Ubnm1lOZn37VUppZ+pu29dzbYBy7+y6NrZ3qJXXhrGrz99+Ojx6knVbOerVMlv6yFHkmn3aJIXhl5ntW2/meaTp8cfffr5u03WWV+eJPkyWSelHbeWLOohwej7XaFcp+T/8+KN0az/YTIfx6/uBveTTJI2kyGkHzYfHlz/9Ohs01VJqVJ6u/ydB0MzbqjOyb1xp79fZVavtmcp+zted53N3mSbupTy9fP9kezStM0252xc3R3G859OsmmG/8nFt+PiPlt+XAwxu2L1wa8OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAtKL2PX55vx1/1z+kXqfaCpv0nrzXTpJwPqxallKwPrn96dLZ8/4O367xz9ObFW+/9fPzrvCs9yf3jO6Vtk/xZurg30jY3NlRfTaqDqyelXbV9Z5bkbhmnV9nku3s/3K0nacryOnxWDZG9Tf6LHQAAAAAAAAAAAAAAAAAAAEDy8NHj1ZN6keESfOpseyXzfwaXP0opD7qAano9u0iaXPZ34X9JGa/El262y/dcF9CbZ3dhvk/+2Z1bfDH+lb8DAAD//5wGYLU=")
r0 = socket(0x2, 0x2, 0x1)
bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e)
r1 = socket(0x2, 0x2, 0x1)
bind$unix(r1, &(0x7f0000000000)=@abs, 0x6e)
r2 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')
preadv(r3, &(0x7f0000000840)=[{&(0x7f0000000880)=""/192, 0xc0}], 0x1, 0x180, 0x0)

1.206789186s ago: executing program 0:
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_ALPHA={0x8}, @TCA_PIE_BETA={0x8}]}}]}, 0x40}}, 0x0)

964.940225ms ago: executing program 3:
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@ref_verify}, {@nossd_spread}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x38, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002440)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000001c00))

447.172044ms ago: executing program 1:
socketpair$tipc(0x1e, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6(0xa, 0x3, 0x3c)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x7, 0x4, 0x300, 0x5}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r3, &(0x7f0000000000), 0x0}, 0x20)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r0, 0x0, r4, 0x0, 0x39000, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[], 0xfffffe3e)

390.436612ms ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
socketpair(0xf, 0x3, 0x2, &(0x7f0000000040))

305.457197ms ago: executing program 2:
syz_read_part_table(0x106b, &(0x7f0000001080)="$eJzs0LFNxEAQBdC/cGvfCZBoh5AiqAdogZQq6II6aINg0C1n4wKQnLyXfGs0+h5t2NWp+jFJPSeny+jqknd5elv3qs4rSb7rY2RLWyrSk/n3+360PLSqakmrevxKDmvHiCnJ/Lr9U25vrs/xmZb3aRlOf1fOfcRLksNxe37/n1cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH39BAAA//9JpRT9")

252.047026ms ago: executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x10, 0x701, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001200055a"], 0x2c}}, 0x0)
recvmmsg(r1, &(0x7f0000007700)=[{{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000c80)=""/237, 0xed}, {0x0}, {&(0x7f0000002a80)=""/4090, 0xffa}, {&(0x7f0000000b80)=""/219, 0xdb}, {&(0x7f0000000d80)=""/20, 0x14}], 0x5}}], 0x1, 0x10000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback, 0x9}, 0x1c)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0), 0x78}}, 0x0)
sendto$inet6(r3, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5dac14e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000740)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000700)={&(0x7f0000000e40)=ANY=[@ANYBLOB="6c00fdd35393cfe5d03465d87f8e1100de700000", @ANYRES16=r6, @ANYBLOB="000202000000fedbdf250200000058000180060004004e2400000c0007806981c8a17eec180008000900340000000800080000000000060004004e220000060002000c0000000c000700060000000000000014000300fe8000000000000000000000000000bb"], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x20008090)
shutdown(r3, 0x1)
recvmsg(r3, &(0x7f00000008c0)={0x0, 0x4, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000900)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r4, @ANYRES64=r4], 0x13c}, 0x1, 0x0, 0x0, 0x4}, 0x40448d2)
sendmsg$IPVS_CMD_GET_INFO(r4, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41517f18f97c4463}, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r2)
sendmsg$BATADV_CMD_GET_HARDIF(r4, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x30cff28cd98764d6}, 0xc, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="a400000000000000df250500000005003800010000000800064004489da43443a2d63468b4948413c390bbb2d030b4567f9d9aef72", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8080)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)={0x60, r7, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x40}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x40}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8000}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a80)={&(0x7f0000000140)={0x1c, r7, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="5c8f01595bef578eed5f5c7240c0c3f72fd0f76443660234ed6770d470536b6401a7bd9e2d3ad8f21b3d13d7b90efeecee5e233164de42eb8e31818f2de21f0b8d", @ANYRES16=r7, @ANYBLOB="00012bbd7000fbdbdf251000000005002f000100000005002f0009000000080031000000000008003a000400000005002900010000000a000900aaaaaaaaaabb00000a000900bbbbbbbbbbbb000008000b0005000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4002}, 0x4c004)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r7, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xfffffffb}]}, 0x2c}}, 0x40)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x1c, r7, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x20004080)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r7, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1de}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4880}, 0x10)
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r7, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfffffffc}]}, 0x2c}, 0x1, 0x0, 0x0, 0xd000}, 0x20000800)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r7, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x49c5}, 0x80)
msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0)

0s ago: executing program 4:
r0 = socket(0x2b, 0x1, 0x1)
sendmmsg$sock(r0, &(0x7f0000001280)=[{{&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}}], 0x1, 0x20000001)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$netlink(r0, &(0x7f0000000000)=@unspec, 0xc)

kernel console output (not intermixed with test programs):


[  585.773091][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.815832][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.853949][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.895324][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.940855][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.977028][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.998776][T13579] loop3: detected capacity change from 0 to 512
[  586.008052][T13543] loop2: detected capacity change from 0 to 32768
[  586.030724][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.056979][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.074662][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.087643][T13579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.100840][T13579] ext4 filesystem being mounted at /root/syzkaller-testdir3173411594/syzkaller.mQ5qrx/271/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  586.132497][T13274] batman_adv: batadv0: Interface activated: batadv_slave_0
[  586.181674][T13579] EXT4-fs error (device loop3): ext4_generic_delete_entry:2676: inode #12: block 32: comm syz-executor.3: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0
[  586.203394][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203423][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.203439][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203455][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.203469][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203485][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.203501][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203517][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.203531][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203547][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.203563][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.203578][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.205386][T13274] batman_adv: batadv0: Interface activated: batadv_slave_1
[  586.368512][T13543] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,journal_flush_delay=1311720,journal_reclaim_delay=1000,nocow
[  586.429296][T13543] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  586.448245][T13274] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  586.478546][T13579] EXT4-fs error (device loop3) in ext4_delete_entry:2747: Corrupt filesystem
[  586.495369][T13274] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  586.519823][T13274] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  586.533062][T13274] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  586.612656][T13543] bcachefs (loop2): alloc_read... done
[  586.618278][T13543] bcachefs (loop2): stripes_read... done
[  586.665997][T13543] bcachefs (loop2): snapshots_read... done
[  586.699725][T13543] bcachefs (loop2): journal_replay... done
[  586.708033][T13543] bcachefs (loop2): resume_logged_ops... done
[  586.729194][ T9292] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.749560][T13543] bcachefs (loop2): going read-write
[  586.785911][T13543] bcachefs (loop2): done starting filesystem
[  586.845215][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.867131][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.914882][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.923458][T11651] bcachefs (loop2): shutting down
[  586.928529][T11651] bcachefs (loop2): going read-only
[  586.942843][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.958580][T11651] bcachefs (loop2): finished waiting for writes to stop
[  586.980074][T13607] x_tables: duplicate entry at hook 2
[  587.042688][T11651] bcachefs (loop2): flushing journal and stopping allocators, journal seq 11
[  587.082625][T11651] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 13
[  587.137083][T11651] bcachefs (loop2): shutdown complete, journal seq 14
[  587.168016][T11651] bcachefs (loop2): marking filesystem clean
[  587.283333][T11651] bcachefs (loop2): shutdown complete
[  587.615791][T13628] loop1: detected capacity change from 0 to 1024
[  587.810514][T13629] loop4: detected capacity change from 0 to 256
[  587.823980][T13629] FAT-fs (loop4): Unrecognized mount option "shortame=niÓ$ÌRͬ_xlItd=1" or missing value
[  588.399706][T13628] EXT4-fs: Ignoring removed i_version option
[  588.491577][T13628] EXT4-fs (loop1): stripe (255) is not aligned with cluster size (16), stripe is disabled
[  588.609736][T13628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  589.330358][T13658] x_tables: duplicate entry at hook 2
[  589.390169][T13660] loop0: detected capacity change from 0 to 256
[  589.454516][T13660] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a37, chksum : 0xd675b107, utbl_chksum : 0xe619d30d)
[  590.064020][T13274] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  590.297091][T13675] loop3: detected capacity change from 0 to 8192
[  590.360489][T13675] REISERFS warning (device loop3): super-6506 reiserfs_getopt: empty argument for "commit"
[  590.360489][T13675] 
[  590.570975][  T956] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  590.968642][  T956] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.013721][T13701] loop4: detected capacity change from 0 to 256
[  591.079188][T13705] x_tables: duplicate entry at hook 2
[  591.109027][T13701] FAT-fs (loop4): Directory bread(block 64) failed
[  591.123875][ T5109] Bluetooth: hci2: command 0x0406 tx timeout
[  591.187917][T13701] FAT-fs (loop4): Directory bread(block 65) failed
[  591.200203][T13701] FAT-fs (loop4): Directory bread(block 66) failed
[  591.208641][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  591.236505][T13701] FAT-fs (loop4): Directory bread(block 67) failed
[  591.279739][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  591.280050][T13701] FAT-fs (loop4): Directory bread(block 68) failed
[  591.309830][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  591.325276][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  591.327972][T13701] FAT-fs (loop4): Directory bread(block 69) failed
[  591.344308][ T5113] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  591.380466][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  591.385651][  T956] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.447457][T13701] FAT-fs (loop4): Directory bread(block 70) failed
[  591.454387][T13701] FAT-fs (loop4): Directory bread(block 71) failed
[  591.461477][T13701] FAT-fs (loop4): Directory bread(block 72) failed
[  591.468578][T13701] FAT-fs (loop4): Directory bread(block 73) failed
[  591.603963][  T956] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.661917][   T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  591.859552][   T25] usb 1-1: Using ep0 maxpacket: 16
[  591.874721][   T25] usb 1-1: config 114 has an invalid descriptor of length 217, skipping remainder of the config
[  591.886410][   T25] usb 1-1: config 114 has 0 interfaces, different from the descriptor's value: 1
[  591.896228][   T25] usb 1-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00
[  591.906955][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.023318][ T5109] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  592.115195][  T956] bridge_slave_1: left allmulticast mode
[  592.138454][   T29] audit: type=1326 audit(1851837811.468:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13709 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b3047cf69 code=0x0
[  592.142112][T13732] loop3: detected capacity change from 0 to 512
[  592.162716][  T956] bridge_slave_1: left promiscuous mode
[  592.188773][  T956] bridge0: port 2(bridge_slave_1) entered disabled state
[  592.204672][   T25] usb 1-1: language id specifier not provided by device, defaulting to English
[  592.226008][  T956] bridge_slave_0: left allmulticast mode
[  592.240289][T13732] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.3: corrupted in-inode xattr: bad e_name length
[  592.255902][  T956] bridge_slave_0: left promiscuous mode
[  592.272085][  T956] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.297314][T13732] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[  592.334627][T13732] EXT4-fs (loop3): mounted filesystem 00000004-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  592.421334][T13732] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 312: padding at end of block bitmap is not set
[  592.492808][ T9292] EXT4-fs (loop3): unmounting filesystem 00000004-0000-0000-0000-000000000000.
[  592.498278][T13741] loop2: detected capacity change from 0 to 1024
[  592.555826][T13741] EXT4-fs: Ignoring removed i_version option
[  592.607009][T13741] EXT4-fs (loop2): stripe (255) is not aligned with cluster size (16), stripe is disabled
[  592.691639][T13741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  593.302814][  T956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.315396][  T956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  593.328272][  T956] bond0 (unregistering): Released all slaves
[  593.344737][T13743] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  593.510307][ T5109] Bluetooth: hci1: command tx timeout
[  593.574685][T13752] loop4: detected capacity change from 0 to 256
[  593.606178][T13752] FAT-fs (loop4): Directory bread(block 64) failed
[  593.613683][T13752] FAT-fs (loop4): Directory bread(block 65) failed
[  593.619041][T13707] chnl_net:caif_netlink_parms(): no params data found
[  593.627854][T13752] FAT-fs (loop4): Directory bread(block 66) failed
[  593.635499][T13752] FAT-fs (loop4): Directory bread(block 67) failed
[  593.642672][T13752] FAT-fs (loop4): Directory bread(block 68) failed
[  593.649746][T13752] FAT-fs (loop4): Directory bread(block 69) failed
[  593.656798][T13752] FAT-fs (loop4): Directory bread(block 70) failed
[  593.667416][T13752] FAT-fs (loop4): Directory bread(block 71) failed
[  593.674472][T13752] FAT-fs (loop4): Directory bread(block 72) failed
[  593.681453][T13752] FAT-fs (loop4): Directory bread(block 73) failed
[  593.733786][T11651] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  594.220531][T13707] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.228977][T13707] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.241372][T13707] bridge_slave_0: entered allmulticast mode
[  594.260062][T13707] bridge_slave_0: entered promiscuous mode
[  594.282328][T13707] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.297718][T13707] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.307868][T13707] bridge_slave_1: entered allmulticast mode
[  594.341658][T13707] bridge_slave_1: entered promiscuous mode
[  594.360865][ T5159] usb 1-1: USB disconnect, device number 5
[  594.468771][  T956] hsr_slave_0: left promiscuous mode
[  594.501633][  T956] hsr_slave_1: left promiscuous mode
[  594.537804][  T956] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  594.555829][  T956] batman_adv: batadv0: Removing interface: batadv_slave_0
[  594.575925][  T956] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  594.590796][  T956] batman_adv: batadv0: Removing interface: batadv_slave_1
[  594.680685][  T956] veth1_macvtap: left promiscuous mode
[  594.696804][  T956] veth0_macvtap: left promiscuous mode
[  594.716825][  T956] veth1_vlan: left promiscuous mode
[  594.725203][T13773] loop4: detected capacity change from 0 to 512
[  594.727752][  T956] veth0_vlan: left promiscuous mode
[  594.732496][T13768] loop0: detected capacity change from 0 to 4096
[  594.766179][T13768] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  594.801823][T13773] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: bad e_name length
[  594.881575][T13773] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117)
[  594.902642][T13773] EXT4-fs (loop4): mounted filesystem 00000004-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  594.931498][   T29] audit: type=1800 audit(1851837814.268:267): pid=13768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=33 res=0 errno=0
[  594.945721][T13773] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor.4: bg 0: block 312: padding at end of block bitmap is not set
[  594.984075][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  595.002455][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  595.015840][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  595.041494][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  595.056562][ T5113] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  595.069043][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  595.162340][ T6917] EXT4-fs (loop4): unmounting filesystem 00000004-0000-0000-0000-000000000000.
[  595.580903][ T5113] Bluetooth: hci1: command tx timeout
[  596.298935][T13787] loop0: detected capacity change from 0 to 32768
[  596.376062][T13787] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  596.386988][  T956] team0 (unregistering): Port device team_slave_1 removed
[  596.438172][T13787] XFS (loop0): Ending clean mount
[  596.464663][T13787] XFS (loop0): Quotacheck needed: Please wait.
[  596.493660][  T956] team0 (unregistering): Port device team_slave_0 removed
[  596.546439][T13787] XFS (loop0): Quotacheck: Done.
[  596.660822][ T9559] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  597.194420][ T5113] Bluetooth: hci2: command tx timeout
[  597.669762][ T5113] Bluetooth: hci1: command tx timeout
[  597.687806][T13797] loop0: detected capacity change from 0 to 40427
[  597.711506][T13797] F2FS-fs (loop0): journaled quota format not specified
[  597.944513][T13707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  597.977837][T13783] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  598.012376][T13707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  598.023691][T13799] xt_l2tp: v2 tid > 0xffff: 2013396992
[  598.211782][T13707] team0: Port device team_slave_0 added
[  598.294649][T13707] team0: Port device team_slave_1 added
[  598.463841][T13707] batman_adv: batadv0: Adding interface: batadv_slave_0
[  598.481452][T13707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.519619][T13707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  598.562726][T13814] bridge0: port 3(team0) entered blocking state
[  598.629657][T13814] bridge0: port 3(team0) entered disabled state
[  598.636639][T13814] team0: entered allmulticast mode
[  598.651425][T13814] team_slave_0: entered allmulticast mode
[  598.674133][T13814] team_slave_1: entered allmulticast mode
[  598.705314][T13814] team0: entered promiscuous mode
[  598.725590][T13814] team_slave_0: entered promiscuous mode
[  598.748441][T13814] team_slave_1: entered promiscuous mode
[  598.782362][T13814] bridge0: port 3(team0) entered blocking state
[  598.789688][T13814] bridge0: port 3(team0) entered forwarding state
[  598.814300][T13707] batman_adv: batadv0: Adding interface: batadv_slave_1
[  598.826510][T13707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.889475][T13707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  599.052773][T13827] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  599.263552][ T5113] Bluetooth: hci2: command tx timeout
[  599.354686][T13817] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[  599.621958][T13817] team0: left allmulticast mode
[  599.734124][T13817] team_slave_0: left allmulticast mode
[  599.742553][ T5113] Bluetooth: hci1: command tx timeout
[  599.778578][T13817] team_slave_1: left allmulticast mode
[  599.797674][T13817] team0: left promiscuous mode
[  599.802815][T13817] team_slave_0: left promiscuous mode
[  599.808666][T13817] team_slave_1: left promiscuous mode
[  599.815259][T13817] bridge0: port 3(team0) entered disabled state
[  599.841016][T13817] batman_adv: batadv0: Adding interface: team0
[  599.847649][T13817] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  599.876009][T13817] batman_adv: batadv0: Interface activated: team0
[  599.886167][T13826] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  599.978783][T13820] loop3: detected capacity change from 0 to 32768
[  600.035119][T13820] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  600.077791][T13831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  600.089568][T13820] XFS (loop3): Ending clean mount
[  600.108483][T13707] hsr_slave_0: entered promiscuous mode
[  600.115770][T13820] XFS (loop3): Quotacheck needed: Please wait.
[  600.139577][T13707] hsr_slave_1: entered promiscuous mode
[  600.167157][T13707] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  600.186152][T13707] Cannot create hsr debugfs directory
[  600.206878][T13842] loop4: detected capacity change from 0 to 256
[  600.254286][T13820] XFS (loop3): Quotacheck: Done.
[  600.354562][T13842] FAT-fs (loop4): Directory bread(block 64) failed
[  600.397337][T13842] FAT-fs (loop4): Directory bread(block 65) failed
[  600.422124][T13842] FAT-fs (loop4): Directory bread(block 66) failed
[  600.428765][T13842] FAT-fs (loop4): Directory bread(block 67) failed
[  600.447458][T13842] FAT-fs (loop4): Directory bread(block 68) failed
[  600.471712][ T9292] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  600.485566][T13842] FAT-fs (loop4): Directory bread(block 69) failed
[  600.507869][ T1090] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.522189][T13842] FAT-fs (loop4): Directory bread(block 70) failed
[  600.530474][T13842] FAT-fs (loop4): Directory bread(block 71) failed
[  600.537218][T13842] FAT-fs (loop4): Directory bread(block 72) failed
[  600.566467][T13842] FAT-fs (loop4): Directory bread(block 73) failed
[  600.929253][ T1090] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.262447][ T1090] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.349857][ T5113] Bluetooth: hci2: command tx timeout
[  601.460576][T13870] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  601.978536][ T1090] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  602.128895][T13868] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  602.155366][T13775] chnl_net:caif_netlink_parms(): no params data found
[  602.466804][T13879] loop0: detected capacity change from 0 to 256
[  602.489771][T13879] FAT-fs (loop0): Directory bread(block 64) failed
[  602.496379][T13879] FAT-fs (loop0): Directory bread(block 65) failed
[  602.505810][T13879] FAT-fs (loop0): Directory bread(block 66) failed
[  602.512558][T13879] FAT-fs (loop0): Directory bread(block 67) failed
[  602.519205][T13879] FAT-fs (loop0): Directory bread(block 68) failed
[  602.525908][T13879] FAT-fs (loop0): Directory bread(block 69) failed
[  602.533099][T13879] FAT-fs (loop0): Directory bread(block 70) failed
[  602.539757][T13879] FAT-fs (loop0): Directory bread(block 71) failed
[  602.546412][T13879] FAT-fs (loop0): Directory bread(block 72) failed
[  602.553084][T13879] FAT-fs (loop0): Directory bread(block 73) failed
[  602.605981][T13879] syz-executor.0: attempt to access beyond end of device
[  602.605981][T13879] loop0: rw=2049, sector=1224, nr_sectors = 32 limit=256
[  602.622405][T13879] syz-executor.0: attempt to access beyond end of device
[  602.622405][T13879] loop0: rw=2049, sector=1288, nr_sectors = 88 limit=256
[  603.092615][T13888] syz-executor.0: attempt to access beyond end of device
[  603.092615][T13888] loop0: rw=2049, sector=1384, nr_sectors = 448 limit=256
[  603.112679][T13888] syz-executor.0: attempt to access beyond end of device
[  603.112679][T13888] loop0: rw=2049, sector=1864, nr_sectors = 3136 limit=256
[  603.287042][T13775] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.326247][T13775] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.362584][T13775] bridge_slave_0: entered allmulticast mode
[  603.397458][T13775] bridge_slave_0: entered promiscuous mode
[  603.421597][ T5113] Bluetooth: hci2: command tx timeout
[  603.493993][   T51] kworker/u8:3: attempt to access beyond end of device
[  603.493993][   T51] loop0: rw=1, sector=5000, nr_sectors = 13584 limit=256
[  603.547260][T13775] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.559837][T13775] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.567176][T13775] bridge_slave_1: entered allmulticast mode
[  603.591193][T13775] bridge_slave_1: entered promiscuous mode
[  603.624358][T13882] loop3: detected capacity change from 0 to 32768
[  603.638728][ T1090] bridge_slave_1: left allmulticast mode
[  603.660550][ T1090] bridge_slave_1: left promiscuous mode
[  603.673102][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.715461][ T1090] bridge_slave_0: left allmulticast mode
[  603.721643][ T1090] bridge_slave_0: left promiscuous mode
[  603.734729][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.820642][T13882] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,journal_flush_delay=1311720,journal_reclaim_delay=1000,nocow
[  603.899918][T13882] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  603.973857][T13882] bcachefs (loop3): alloc_read... done
[  603.986710][T13882] bcachefs (loop3): stripes_read... done
[  604.000959][T13882] bcachefs (loop3): snapshots_read... done
[  604.019487][T13882] bcachefs (loop3): journal_replay... done
[  604.033312][T13882] bcachefs (loop3): resume_logged_ops... done
[  604.054645][T13882] bcachefs (loop3): going read-write
[  604.110188][T13882] bcachefs (loop3): done starting filesystem
[  604.313693][ T9292] bcachefs (loop3): shutting down
[  604.318792][ T9292] bcachefs (loop3): going read-only
[  604.334158][ T9292] bcachefs (loop3): finished waiting for writes to stop
[  604.362804][ T9292] bcachefs (loop3): flushing journal and stopping allocators, journal seq 11
[  604.479346][ T9292] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 13
[  604.493906][ T9292] bcachefs (loop3): shutdown complete, journal seq 14
[  604.504270][ T9292] bcachefs (loop3): marking filesystem clean
[  604.578634][ T9292] bcachefs (loop3): shutdown complete
[  604.785921][T13915] xt_l2tp: v2 tid > 0xffff: 2013396992
[  605.546882][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.619935][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.641987][ T1090] bond0 (unregistering): Released all slaves
[  605.739883][T13775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  605.770439][T13906] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  605.855646][T13906] 8021q: adding VLAN 0 to HW filter on device team0
[  605.907164][T13906] bond0: (slave team0): Enslaving as an active interface with an up link
[  605.925845][T13907] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  605.951399][T13907] bond0: (slave team0): Releasing backup interface
[  605.977692][T13907] bridge0: port 3(team0) entered blocking state
[  605.998070][T13907] bridge0: port 3(team0) entered disabled state
[  606.025433][T13907] team0: entered allmulticast mode
[  606.041297][T13907] team_slave_0: entered allmulticast mode
[  606.055107][T13907] team_slave_1: entered allmulticast mode
[  606.080191][T13907] team0: entered promiscuous mode
[  606.094142][T13907] team_slave_0: entered promiscuous mode
[  606.112997][T13907] team_slave_1: entered promiscuous mode
[  606.143735][T13775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  606.170080][ T1090] tipc: Left network mode
[  606.417761][T13775] team0: Port device team_slave_0 added
[  606.479253][T13775] team0: Port device team_slave_1 added
[  606.773511][T13928] loop3: detected capacity change from 0 to 32768
[  606.815523][T13928] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  606.900764][T13775] batman_adv: batadv0: Adding interface: batadv_slave_0
[  606.908917][T13775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  606.993664][T13775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  607.032358][T13707] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  607.070521][T13775] batman_adv: batadv0: Adding interface: batadv_slave_1
[  607.077550][T13775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  607.118696][T13775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  607.156741][T13928] XFS (loop3): Ending clean mount
[  607.166071][T13707] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  607.187195][T13707] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  607.200537][T13928] XFS (loop3): Quotacheck needed: Please wait.
[  607.229804][ T1090] hsr_slave_0: left promiscuous mode
[  607.236404][ T1090] hsr_slave_1: left promiscuous mode
[  607.317008][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  607.317321][T13928] XFS (loop3): Quotacheck: Done.
[  607.329931][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_0
[  607.343497][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  607.373248][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_1
[  607.478965][ T1090] veth1_macvtap: left promiscuous mode
[  607.484818][ T1090] veth0_macvtap: left promiscuous mode
[  607.490866][ T1090] veth1_vlan: left promiscuous mode
[  607.499699][ T1090] veth0_vlan: left promiscuous mode
[  607.775021][ T9292] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  607.873360][ T1090] pimreg (unregistering): left allmulticast mode
[  608.612750][T13971] loop3: detected capacity change from 0 to 8192
[  608.649336][T13971] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  608.662650][T13971] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  608.686634][T13971] REISERFS (device loop3): using ordered data mode
[  608.693821][T13971] reiserfs: using flush barriers
[  608.771093][T13979] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  608.776498][T13971] REISERFS warning (device loop3): sh-459 journal_init: unable to read journal header
[  609.315053][ T1090] team0 (unregistering): Port device team_slave_1 removed
[  609.450612][ T1090] team0 (unregistering): Port device team_slave_0 removed
[  610.955625][T13707] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  611.026499][T13775] hsr_slave_0: entered promiscuous mode
[  611.066181][T13775] hsr_slave_1: entered promiscuous mode
[  611.112774][T13775] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  611.121770][T13775] Cannot create hsr debugfs directory
[  611.185218][T14007] loop4: detected capacity change from 0 to 256
[  611.312791][T14007] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1cbb3694, utbl_chksum : 0xe619d30d)
[  611.356753][T14009] loop3: detected capacity change from 0 to 512
[  611.393195][T14009] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.3: corrupted in-inode xattr: bad e_name length
[  611.450059][T14009] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[  611.519016][T14009] EXT4-fs (loop3): mounted filesystem 00000004-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  611.710176][T14011] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 312: padding at end of block bitmap is not set
[  611.794206][T14017] loop0: detected capacity change from 0 to 4096
[  612.032694][T14020] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  612.091913][ T9292] EXT4-fs (loop3): unmounting filesystem 00000004-0000-0000-0000-000000000000.
[  612.123375][T13707] 8021q: adding VLAN 0 to HW filter on device bond0
[  612.337463][T13707] 8021q: adding VLAN 0 to HW filter on device team0
[  612.423255][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.430558][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  612.540548][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.547742][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  612.877112][T13707] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  613.160565][T13775] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  613.186162][T13775] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  613.250226][T13775] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  613.282107][T13775] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  613.427627][T13707] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.574972][T13775] 8021q: adding VLAN 0 to HW filter on device bond0
[  613.661374][T13775] 8021q: adding VLAN 0 to HW filter on device team0
[  613.703792][T13707] veth0_vlan: entered promiscuous mode
[  613.728503][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.736138][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  613.795774][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.803108][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  613.847353][T13707] veth1_vlan: entered promiscuous mode
[  614.090181][T13707] veth0_macvtap: entered promiscuous mode
[  614.115914][T13707] veth1_macvtap: entered promiscuous mode
[  614.159631][T14049] dvmrp0: entered allmulticast mode
[  614.233608][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.269761][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.290196][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.308734][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.320104][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.349462][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.359368][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.406388][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.418329][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.429019][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.442400][T13707] batman_adv: batadv0: Interface activated: batadv_slave_0
[  614.454050][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.472908][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.505061][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.516783][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.534960][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.549187][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.567909][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.578447][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.591694][T13707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  614.604320][T13707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.627786][T13707] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.691977][T13707] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.719577][T13707] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.728359][T13707] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.776085][T13707] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.079774][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.087694][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.126808][T13775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  615.218539][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.363646][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.379010][T13775] veth0_vlan: entered promiscuous mode
[  615.481892][T13775] veth1_vlan: entered promiscuous mode
[  615.564864][T13775] veth0_macvtap: entered promiscuous mode
[  615.595443][T13775] veth1_macvtap: entered promiscuous mode
[  615.640341][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.677433][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.696528][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.729058][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.756788][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.769730][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.809680][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.853110][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.873813][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.891876][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.925933][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  615.954003][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.003149][T13775] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.071655][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.117103][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.147179][T14095] loop3: detected capacity change from 0 to 8192
[  616.156268][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.186020][T14095] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  616.187646][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.209931][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.221271][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.232681][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.245630][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.256762][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.267379][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.277182][T14095] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  616.277276][T14095] REISERFS (device loop3): using ordered data mode
[  616.277291][T14095] reiserfs: using flush barriers
[  616.279013][T14095] REISERFS warning (device loop3): sh-459 journal_init: unable to read journal header
[  616.286681][T13775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  616.286708][T13775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  616.288704][T13775] batman_adv: batadv0: Interface activated: batadv_slave_1
[  616.367289][T13775] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  616.376569][T13775] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  616.398207][T13775] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  616.407922][T13775] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  616.631312][T14106] loop1: detected capacity change from 0 to 256
[  616.771258][T13418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.807305][T13418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.889634][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.897530][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.266678][T14121] loop1: detected capacity change from 0 to 8
[  617.312639][T14121] SQUASHFS error: Failed to read block 0x72e: -5
[  617.319103][T14121] unable to read xattr id index table
[  617.802263][T14101] loop0: detected capacity change from 0 to 32768
[  617.818039][T14101] XFS: ikeep mount option is deprecated.
[  617.839086][T14101] XFS: ikeep mount option is deprecated.
[  617.886433][T14101] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  618.215111][T14101] XFS (loop0): Ending clean mount
[  618.244085][T14101] XFS (loop0): Quotacheck needed: Please wait.
[  618.381398][T14144] lo: entered allmulticast mode
[  618.450297][T14144] dvmrp0: entered allmulticast mode
[  618.463011][T14101] XFS (loop0): Quotacheck: Done.
[  618.481077][T14111] loop3: detected capacity change from 0 to 32768
[  618.514512][T14111] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (14111)
[  618.586481][T14111] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  618.604910][T14111] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  618.643645][T14111] BTRFS info (device loop3): using free-space-tree
[  618.728324][T14119] loop2: detected capacity change from 0 to 32768
[  618.764369][ T9559] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  618.828527][T14119] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  618.887909][T14108] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  619.029725][T14119] XFS (loop2): Ending clean mount
[  619.095625][T14119] XFS (loop2): Metadata corruption detected at xfs_dinode_verify+0x333/0x1190, inode 0x423 dinode
[  619.149637][T14119] XFS (loop2): Unmount and run xfs_repair
[  619.155441][T14119] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  619.195873][T14119] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00  INA.............
[  619.257828][T14119] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  619.300444][T14119] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 a5 b6 11  4.Xh....4.Xh....
[  619.319523][T14119] 00000030: 34 f7 58 68 a5 a5 b6 11 00 00 00 00 00 00 00 20  4.Xh........... 
[  619.380084][T14119] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  619.389036][T14119] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 6b 5f 93 07  ............k_..
[  619.437050][T14119] 00000060: ff ff ff ff a7 f7 55 74 00 00 00 00 00 00 00 04  ......Ut........
[  619.474739][T14119] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08  ................
[  619.537387][T14183] tipc: Failed to remove unknown binding: 66,1,1/0:577186280/577186282
[  619.584705][T14183] tipc: Failed to remove unknown binding: 66,1,1/0:577186280/577186282
[  619.587477][T13775] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  619.799170][T14181] loop1: detected capacity change from 0 to 8192
[  619.969856][T14181] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  620.009665][T14181] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  620.054893][T14192] dvmrp0: entered allmulticast mode
[  620.080547][T14181] REISERFS (device loop1): using ordered data mode
[  620.087248][T14181] reiserfs: using flush barriers
[  620.141506][T14181] REISERFS warning (device loop1): sh-459 journal_init: unable to read journal header
[  620.154920][T14195] netlink: 'syz-executor.3': attribute type 28 has an invalid length.
[  620.402816][T14179] loop4: detected capacity change from 0 to 32768
[  620.471391][T14179] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (14179)
[  620.723447][T14179] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  620.749565][T14179] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  620.759165][T14179] BTRFS info (device loop4): using free-space-tree
[  621.659177][T14229] 9pnet_fd: Insufficient options for proto=fd
[  621.723011][T14231] tipc: Failed to remove unknown binding: 66,1,1/0:2209732013/2209732015
[  621.754062][T14231] tipc: Failed to remove unknown binding: 66,1,1/0:2209732013/2209732015
[  621.902153][ T6917] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  622.999120][T14238] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  623.888253][T14228] loop3: detected capacity change from 0 to 32768
[  624.021528][T14262] netlink: 'syz-executor.4': attribute type 28 has an invalid length.
[  624.084460][T14228] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  624.163723][T14270] tipc: Failed to remove unknown binding: 66,1,1/0:3683959251/3683959253
[  624.180702][T14228] XFS (loop3): Ending clean mount
[  624.196598][T14270] tipc: Failed to remove unknown binding: 66,1,1/0:3683959251/3683959253
[  624.268810][T14228] XFS (loop3): Metadata corruption detected at xfs_dinode_verify+0x333/0x1190, inode 0x423 dinode
[  624.298979][   T29] audit: type=1326 audit(1851837843.628:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.325639][T14228] XFS (loop3): Unmount and run xfs_repair
[  624.350242][T14228] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  624.357842][T14228] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00  INA.............
[  624.376265][   T29] audit: type=1326 audit(1851837843.628:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.409507][T14228] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  624.441873][T14228] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 a5 b6 11  4.Xh....4.Xh....
[  624.455736][   T29] audit: type=1326 audit(1851837843.628:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.499486][T14228] 00000030: 34 f7 58 68 a5 a5 b6 11 00 00 00 00 00 00 00 20  4.Xh........... 
[  624.508914][T14228] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  624.542096][   T29] audit: type=1326 audit(1851837843.628:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.569748][T14228] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 6b 5f 93 07  ............k_..
[  624.589569][T14228] 00000060: ff ff ff ff a7 f7 55 74 00 00 00 00 00 00 00 04  ......Ut........
[  624.600994][   T29] audit: type=1326 audit(1851837843.668:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.628267][T14228] 00000070: 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 08  ................
[  624.677666][   T29] audit: type=1326 audit(1851837843.668:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.718480][ T9292] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  624.753134][   T29] audit: type=1326 audit(1851837843.668:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  624.869470][   T29] audit: type=1326 audit(1851837843.668:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f404147a6e7 code=0x7ffc0000
[  624.902171][ T1251] ieee802154 phy0 wpan0: encryption failed: -22
[  624.953767][   T29] audit: type=1326 audit(1851837843.668:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f40414403b9 code=0x7ffc0000
[  625.025315][   T29] audit: type=1326 audit(1851837843.668:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f404147a6e7 code=0x7ffc0000
[  625.454357][T14297] netlink: 'syz-executor.4': attribute type 28 has an invalid length.
[  625.488711][T14274] loop0: detected capacity change from 0 to 32768
[  625.502904][T14274] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (14274)
[  625.522767][T14274] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  625.546986][T14274] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  625.566175][T14274] BTRFS info (device loop0): using free-space-tree
[  625.636779][T14310] tipc: Failed to remove unknown binding: 66,1,1/0:786020623/786020625
[  625.656574][T14310] tipc: Failed to remove unknown binding: 66,1,1/0:786020623/786020625
[  626.006918][ T9559] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  626.432344][T14329] 9pnet_fd: Insufficient options for proto=fd
[  626.986012][T14301] loop3: detected capacity change from 0 to 32768
[  627.040831][T14301] XFS: ikeep mount option is deprecated.
[  627.046570][T14301] XFS: ikeep mount option is deprecated.
[  627.075807][T14337] loop0: detected capacity change from 0 to 16
[  627.105824][T14337] erofs: (device loop0): mounted with root inode @ nid 36.
[  627.126274][T14337] erofs: (device loop0): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  627.157316][T14337] erofs: (device loop0): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  627.195111][T14301] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  627.219531][T14345] erofs: (device loop0): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  627.300981][T14337] erofs: (device loop0): erofs_find_target_block: corrupted dir block 0 @ nid 36
[  627.372753][T14337] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 36
[  627.393441][T14337] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 36
[  627.413700][T14326] loop4: detected capacity change from 0 to 32768
[  627.453027][T14326] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (14326)
[  627.508902][T14301] XFS (loop3): Ending clean mount
[  627.530168][T14326] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  627.540336][T14301] XFS (loop3): Quotacheck needed: Please wait.
[  627.556508][T14326] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  627.576853][T14326] BTRFS info (device loop4): using free-space-tree
[  627.685448][T14356] tipc: Failed to remove unknown binding: 66,1,1/0:814143331/814143333
[  627.705554][T14356] tipc: Failed to remove unknown binding: 66,1,1/0:814143331/814143333
[  627.737713][T14301] XFS (loop3): Quotacheck: Done.
[  628.041138][ T6917] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  628.141918][ T9292] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  628.415268][T14379] loop1: detected capacity change from 0 to 8
[  628.509264][T14379] SQUASHFS error: Failed to read block 0x72e: -5
[  628.541958][T14379] unable to read xattr id index table
[  629.301813][T14374] loop0: detected capacity change from 0 to 32768
[  629.336171][T14374] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (14374)
[  629.391320][T14374] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  629.405466][T14374] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  629.468432][T14374] BTRFS info (device loop0): using free-space-tree
[  629.575552][T14409] overlayfs: missing 'lowerdir'
[  629.837602][ T9559] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  630.042068][T14382] loop4: detected capacity change from 0 to 32768
[  630.273570][T14382] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  630.285247][T14382] bcachefs (loop4): recovering from clean shutdown, journal seq 7
[  630.374355][T14382] bcachefs (loop4): alloc_read... done
[  630.390005][T14382] bcachefs (loop4): stripes_read... done
[  630.396110][T14382] bcachefs (loop4): snapshots_read... done
[  630.452319][T14382] bcachefs (loop4): journal_replay... done
[  630.489588][T14382] bcachefs (loop4): resume_logged_ops... done
[  630.496107][T14382] bcachefs (loop4): going read-write
[  630.549865][T14382] bcachefs (loop4): done starting filesystem
[  630.707138][T14440] syz-executor.0(14440): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  630.899351][ T6917] bcachefs (loop4): shutting down
[  630.905521][ T6917] bcachefs (loop4): going read-only
[  630.946095][ T6917] bcachefs (loop4): finished waiting for writes to stop
[  630.968058][ T6917] bcachefs (loop4): flushing journal and stopping allocators, journal seq 9
[  631.090160][ T6917] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 11
[  631.170075][ T6917] bcachefs (loop4): shutdown complete, journal seq 12
[  631.180741][T14421] loop1: detected capacity change from 0 to 32768
[  631.188911][T14421] XFS: ikeep mount option is deprecated.
[  631.190564][ T6917] bcachefs (loop4): marking filesystem clean
[  631.213457][T14421] XFS: ikeep mount option is deprecated.
[  631.220410][T14453] overlayfs: missing 'lowerdir'
[  631.273060][T14421] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  631.285373][ T6917] bcachefs (loop4): shutdown complete
[  631.527519][T14421] XFS (loop1): Ending clean mount
[  631.555494][T14421] XFS (loop1): Quotacheck needed: Please wait.
[  631.790528][T14421] XFS (loop1): Quotacheck: Done.
[  632.163459][T13707] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  632.715836][T14499] loop2: detected capacity change from 0 to 1024
[  632.888334][   T29] kauditd_printk_skb: 142 callbacks suppressed
[  632.888358][   T29] audit: type=1326 audit(1851837852.218:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  632.975799][T14505] loop1: detected capacity change from 0 to 512
[  633.005452][   T29] audit: type=1326 audit(1851837852.258:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.050825][T14505] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  633.071864][T14505] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  633.083887][   T29] audit: type=1326 audit(1851837852.298:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.153127][   T29] audit: type=1326 audit(1851837852.298:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.159529][T14505] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz-executor.1: Invalid inode table block 0 in block_group 0
[  633.215404][   T29] audit: type=1326 audit(1851837852.328:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.304880][T14505] EXT4-fs (loop1): get root inode failed
[  633.327341][   T29] audit: type=1326 audit(1851837852.328:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.349904][T14505] EXT4-fs (loop1): mount failed
[  633.410870][   T29] audit: type=1326 audit(1851837852.328:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14498 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90347cf69 code=0x7ffc0000
[  633.761341][T14491] loop3: detected capacity change from 0 to 32768
[  633.783901][T14491] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (14491)
[  633.820871][T14491] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  633.844937][T14491] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  633.861410][T14491] BTRFS info (device loop3): using free-space-tree
[  633.937935][T14535] tipc: Failed to remove unknown binding: 66,1,1/0:1776545947/1776545949
[  633.974587][T14535] tipc: Failed to remove unknown binding: 66,1,1/0:1776545947/1776545949
[  633.983229][T14535] tipc: Failed to remove unknown binding: 66,1,1/0:1776545947/1776545949
[  634.029846][T14546] loop4: detected capacity change from 0 to 1024
[  634.096026][   T29] audit: type=1326 audit(1851837853.428:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14544 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  634.134045][T14536] loop1: detected capacity change from 0 to 4096
[  634.160149][   T29] audit: type=1326 audit(1851837853.428:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14544 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  634.182789][   T29] audit: type=1326 audit(1851837853.428:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14544 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  634.219614][T14536] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  634.338205][T14536] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  634.361477][T14536] ntfs3: loop1: mft corrupted
[  634.366720][ T9292] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  634.379958][T14536] ntfs3: loop1: Failed to load $Extend (-22).
[  634.386126][T14536] ntfs3: loop1: Failed to initialize $Extend.
[  636.067753][T14599] loop1: detected capacity change from 0 to 512
[  636.079616][ T5204] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  636.105903][T14599] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  636.234005][T14599] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  636.283904][T14599] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz-executor.1: Invalid inode table block 0 in block_group 0
[  636.332276][T14599] EXT4-fs (loop1): get root inode failed
[  636.338175][T14599] EXT4-fs (loop1): mount failed
[  636.805240][ T5204] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  637.143596][ T5204] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.163984][ T5204] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  637.187415][ T5204] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  637.206389][ T5204] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.241164][ T5204] usb 3-1: config 0 descriptor??
[  637.683952][ T5204] acrux 0003:1A34:0802.0012: unknown main item tag 0x0
[  637.736896][ T5204] acrux 0003:1A34:0802.0012: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.2-1/input0
[  637.759977][ T5204] acrux 0003:1A34:0802.0012: no inputs found
[  637.775188][ T5204] acrux 0003:1A34:0802.0012: Failed to enable force feedback support, error: -19
[  637.785118][T14627] dccp_invalid_packet: P.Data Offset(172) too large
[  637.892923][ T5204] usb 3-1: USB disconnect, device number 13
[  637.897611][T14631] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  638.123402][T14637] loop3: detected capacity change from 0 to 8
[  638.131854][T14635] loop4: detected capacity change from 0 to 1024
[  638.148466][T14637] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  638.172136][T14635] EXT4-fs: Ignoring removed orlov option
[  638.190199][T14635] EXT4-fs: Ignoring removed nomblk_io_submit option
[  638.258494][T14635] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz-executor.4: bad orphan inode 1056964608
[  638.330053][T14635] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  638.489066][T14635] EXT4-fs (loop4): Online defrag not supported with bigalloc
[  638.661363][ T6917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  639.960969][T14662] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  641.046619][T14690] loop0: detected capacity change from 0 to 256
[  642.314767][T14705] loop4: detected capacity change from 0 to 256
[  642.400192][T14705] FAT-fs (loop4): Directory bread(block 64) failed
[  642.406802][T14705] FAT-fs (loop4): Directory bread(block 65) failed
[  642.449825][T14705] FAT-fs (loop4): Directory bread(block 66) failed
[  642.457206][T14708] loop1: detected capacity change from 0 to 8
[  642.479668][T14705] FAT-fs (loop4): Directory bread(block 67) failed
[  642.492292][T14708] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  642.509616][T14705] FAT-fs (loop4): Directory bread(block 68) failed
[  642.533429][T14705] FAT-fs (loop4): Directory bread(block 69) failed
[  642.572049][T14705] FAT-fs (loop4): Directory bread(block 70) failed
[  642.578654][T14705] FAT-fs (loop4): Directory bread(block 71) failed
[  642.650938][T14705] FAT-fs (loop4): Directory bread(block 72) failed
[  642.657552][T14705] FAT-fs (loop4): Directory bread(block 73) failed
[  642.715966][T14673] loop2: detected capacity change from 0 to 32768
[  642.731182][T14673] XFS: noikeep mount option is deprecated.
[  642.794297][T14673] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  642.916529][T14673] XFS (loop2): Ending clean mount
[  642.961709][T14673] XFS (loop2): Quotacheck needed: Please wait.
[  643.108930][T14673] XFS (loop2): Quotacheck: Done.
[  643.151496][T14730] loop1: detected capacity change from 0 to 256
[  643.223617][T13775] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  643.248616][    C1] IPv4: Oversized IP packet from 172.20.20.10
[  643.750713][  T784] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  643.969989][  T784] usb 2-1: Using ep0 maxpacket: 16
[  643.983018][  T784] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  643.999523][  T784] usb 2-1: config 0 has no interface number 0
[  644.008213][T14743] loop2: detected capacity change from 0 to 4096
[  644.010345][  T784] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  644.042988][  T784] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  644.063180][  T784] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  644.119217][  T784] usb 2-1: Product: syz
[  644.123830][  T784] usb 2-1: SerialNumber: syz
[  644.151146][  T784] usb 2-1: config 0 descriptor??
[  644.164617][  T784] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[  644.431769][  T784] usb 2-1: USB disconnect, device number 8
[  644.467520][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  644.467540][   T29] audit: type=1800 audit(1851837863.798:434): pid=14750 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1974 res=0 errno=0
[  645.031347][T14754] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.3'.
[  645.161902][T14748] loop4: detected capacity change from 0 to 32768
[  645.188327][T14748] XFS: ikeep mount option is deprecated.
[  645.208968][T14748] XFS: ikeep mount option is deprecated.
[  645.258340][T14748] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  645.465835][T14748] XFS (loop4): Ending clean mount
[  645.498312][T14748] XFS (loop4): Quotacheck needed: Please wait.
[  645.625025][T14750] loop2: detected capacity change from 0 to 32768
[  645.724383][T14748] XFS (loop4): Quotacheck: Done.
[  645.995673][ T6917] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  646.606278][T14758] loop3: detected capacity change from 0 to 32768
[  646.654764][T14758] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (14758)
[  646.707144][T14758] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  646.741496][T14758] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  646.745501][T14775] loop2: detected capacity change from 0 to 2048
[  646.774192][T14758] BTRFS info (device loop3): disk space caching is enabled
[  646.817210][T14781] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  646.959078][T14758] BTRFS info (device loop3): rebuilding free space tree
[  647.036741][T14758] BTRFS info (device loop3): disabling free space tree
[  647.043986][T14758] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  647.079783][T14758] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  647.288200][ T9292] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  647.397349][T14800] loop2: detected capacity change from 0 to 4096
[  647.807186][T14800] ntfs3: loop2: failed to convert "0000" to iso8859-1
[  647.853012][T14800] ntfs3: loop2: failed to convert name for inode 1e.
[  647.884656][T14779] loop4: detected capacity change from 0 to 32768
[  648.003129][T13775] ntfs3: loop2: failed to convert "0000" to iso8859-1
[  648.019050][T13775] ntfs3: loop2: failed to convert name for inode 1e.
[  648.040672][T14806] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'.
[  648.357613][T14779] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  648.389709][T14779] bcachefs (loop4): recovering from clean shutdown, journal seq 7
[  648.437267][T14779] bcachefs (loop4): alloc_read... done
[  648.452886][T14779] bcachefs (loop4): stripes_read... done
[  648.458707][T14779] bcachefs (loop4): snapshots_read... done
[  648.468609][T14779] bcachefs (loop4): journal_replay... done
[  648.502671][T14779] bcachefs (loop4): resume_logged_ops... done
[  648.508947][T14779] bcachefs (loop4): going read-write
[  648.570653][T14779] bcachefs (loop4): done starting filesystem
[  648.598705][T14818] loop3: detected capacity change from 0 to 4096
[  648.626732][T14818] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  648.761872][ T1090] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.809645][ T5164] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  648.824047][T14818] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  648.837818][T14818] ntfs3: loop3: mft corrupted
[  648.844033][T14818] ntfs3: loop3: Failed to load $Extend (-22).
[  648.850298][T14818] ntfs3: loop3: Failed to initialize $Extend.
[  648.882821][ T6917] bcachefs (loop4): shutting down
[  648.890658][ T6917] bcachefs (loop4): going read-only
[  648.906889][ T6917] bcachefs (loop4): finished waiting for writes to stop
[  648.927590][ T6917] bcachefs (loop4): flushing journal and stopping allocators, journal seq 8
[  649.009675][ T6917] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 10
[  649.021610][ T5164] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.033390][ T5164] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  649.050391][ T5164] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  649.069690][ T6917] bcachefs (loop4): shutdown complete, journal seq 11
[  649.075887][ T1090] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.088263][ T6917] bcachefs (loop4): marking filesystem clean
[  649.092687][ T5164] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  649.106699][ T5164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.117858][ T5164] usb 2-1: config 0 descriptor??
[  649.332792][ T6917] bcachefs (loop4): shutdown complete
[  649.372139][ T1090] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.537892][ T5164] acrux 0003:1A34:0802.0013: unknown main item tag 0x0
[  649.586572][ T5164] acrux 0003:1A34:0802.0013: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0
[  649.621981][ T1090] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.629690][ T5164] acrux 0003:1A34:0802.0013: no inputs found
[  649.649970][ T5164] acrux 0003:1A34:0802.0013: Failed to enable force feedback support, error: -19
[  649.765911][ T5164] usb 2-1: USB disconnect, device number 9
[  650.041501][T14448] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  650.060558][T14448] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  650.062551][ T1090] bridge_slave_1: left allmulticast mode
[  650.088015][T14448] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  650.108413][ T1090] bridge_slave_1: left promiscuous mode
[  650.119830][T14448] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  650.140259][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.151454][T14448] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  650.167251][T14448] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  650.180407][ T1090] bridge_slave_0: left allmulticast mode
[  650.186146][ T1090] bridge_slave_0: left promiscuous mode
[  650.238404][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.421139][T14840] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'.
[  651.452297][T14842] loop3: detected capacity change from 0 to 2048
[  651.490625][T14845] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  651.739117][T14849] loop3: detected capacity change from 0 to 512
[  651.759744][T14849] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  651.790675][T14849] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  651.810828][T14849] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  651.820628][T14849] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  651.829232][T14849] System zones: 0-2, 18-18, 34-34
[  651.870803][ T5281] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  651.898807][T14849] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  651.971553][T14849] EXT4-fs (loop3): 1 truncate cleaned up
[  651.989894][T14849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  652.059683][ T5281] usb 2-1: Using ep0 maxpacket: 16
[  652.071093][ T5281] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  652.080426][ T5281] usb 2-1: config 0 has no interface number 0
[  652.086634][ T5281] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  652.120926][ T5281] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  652.138452][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  652.158594][ T5281] usb 2-1: Product: syz
[  652.171793][ T5281] usb 2-1: SerialNumber: syz
[  652.196594][ T5281] usb 2-1: config 0 descriptor??
[  652.215309][ T5281] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[  652.300118][ T5109] Bluetooth: hci2: command tx timeout
[  652.405108][ T9292] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  652.497058][ T5164] usb 2-1: USB disconnect, device number 10
[  652.808360][T14857] loop3: detected capacity change from 0 to 4096
[  652.818347][T14855] loop0: detected capacity change from 0 to 32768
[  652.830546][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  652.850700][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  652.868025][ T1090] bond0 (unregistering): Released all slaves
[  653.044518][T14855] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names
[  653.112507][T14855] bcachefs (loop0): recovering from clean shutdown, journal seq 7
[  653.232145][T14855] bcachefs (loop0): alloc_read... done
[  653.237856][T14855] bcachefs (loop0): stripes_read... done
[  653.307387][T14855] bcachefs (loop0): snapshots_read... done
[  653.397588][T14855] bcachefs (loop0): journal_replay... done
[  653.439772][T14855] bcachefs (loop0): resume_logged_ops... done
[  653.469587][T14855] bcachefs (loop0): going read-write
[  653.495480][T14855] bcachefs (loop0): done starting filesystem
[  653.560366][T14878] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  653.639532][T14880] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.3'.
[  653.682057][ T1090] hsr_slave_0: left promiscuous mode
[  653.704138][ T9559] bcachefs (loop0): shutting down
[  653.733276][ T1090] hsr_slave_1: left promiscuous mode
[  653.751279][ T9559] bcachefs (loop0): going read-only
[  653.765782][ T9559] bcachefs (loop0): finished waiting for writes to stop
[  653.773277][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  653.802333][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.812570][ T9559] bcachefs (loop0): flushing journal and stopping allocators, journal seq 9
[  653.835707][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  653.860984][ T9559] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11
[  653.872722][ T9559] bcachefs (loop0): shutdown complete, journal seq 12
[  653.881003][ T9559] bcachefs (loop0): marking filesystem clean
[  653.889638][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_1
[  654.047687][ T9559] bcachefs (loop0): shutdown complete
[  654.065902][ T1090] veth1_macvtap: left promiscuous mode
[  654.099710][ T1090] veth0_macvtap: left promiscuous mode
[  654.105458][ T1090] veth1_vlan: left promiscuous mode
[  654.129935][ T1090] veth0_vlan: left promiscuous mode
[  654.379760][T14448] Bluetooth: hci2: command tx timeout
[  654.407554][T14889] loop4: detected capacity change from 0 to 2048
[  654.514732][T14890] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  655.150619][   T29] audit: type=1800 audit(1851837874.488:435): pid=14896 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="sda1" ino=1971 res=0 errno=0
[  655.192796][   T29] audit: type=1804 audit(1851837874.498:436): pid=14896 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3774473380/syzkaller.mn5xSJ/349/file1" dev="sda1" ino=1971 res=1 errno=0
[  655.319535][ T5164] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  655.551603][ T5164] usb 5-1: Using ep0 maxpacket: 16
[  655.559071][ T5164] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  655.575191][ T5164] usb 5-1: config 0 has no interface number 0
[  655.581550][ T5164] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  655.593410][ T5164] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  655.622928][ T5164] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  655.637691][ T5164] usb 5-1: Product: syz
[  655.679943][ T5164] usb 5-1: SerialNumber: syz
[  655.695539][ T5164] usb 5-1: config 0 descriptor??
[  655.733198][ T5164] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[  655.980400][ T5204] usb 5-1: USB disconnect, device number 12
[  656.283137][ T1090] team0 (unregistering): Port device team_slave_1 removed
[  656.396361][ T1090] team0 (unregistering): Port device team_slave_0 removed
[  656.473279][T14448] Bluetooth: hci2: command tx timeout
[  656.585909][T14898] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.4'.
[  657.576794][T14900] loop4: detected capacity change from 0 to 32768
[  657.619368][T14900] XFS: ikeep mount option is deprecated.
[  657.625211][T14900] XFS: ikeep mount option is deprecated.
[  657.722255][T14900] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  657.829932][T14900] XFS (loop4): Ending clean mount
[  657.896407][T14900] XFS (loop4): Quotacheck needed: Please wait.
[  658.155643][T14900] XFS (loop4): Quotacheck: Done.
[  658.317808][ T6917] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  658.542581][T14448] Bluetooth: hci2: command tx timeout
[  658.570415][T14830] chnl_net:caif_netlink_parms(): no params data found
[  658.960029][T14830] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.980238][T14939] loop4: detected capacity change from 0 to 128
[  658.989657][T14830] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.001178][T14939] VFS: Found a Xenix FS (block size = 512) on device loop4
[  659.016756][T14830] bridge_slave_0: entered allmulticast mode
[  659.034891][T14830] bridge_slave_0: entered promiscuous mode
[  659.049179][T14939] sysv_free_block: trying to free block not in datazone
[  659.052598][T14830] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.086047][ T5164] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  659.107345][T14830] bridge0: port 2(bridge_slave_1) entered disabled state
[  659.142511][T14830] bridge_slave_1: entered allmulticast mode
[  659.157400][T14830] bridge_slave_1: entered promiscuous mode
[  659.190470][ T6917] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  659.197493][   T29] audit: type=1804 audit(1851837878.488:437): pid=14940 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2422738673/syzkaller.jdOHoY/628/file0" dev="loop4" ino=2 res=1 errno=0
[  659.331660][ T5164] usb 1-1: Using ep0 maxpacket: 8
[  659.348883][ T5164] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  659.363410][ T5164] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.369008][T14830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  659.402650][ T5164] usb 1-1: config 0 has no interface number 0
[  659.415831][ T5164] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  659.423922][T14830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  659.503293][ T5164] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  659.547683][ T5164] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  659.577291][ T5164] usb 1-1: config 0 interface 52 has no altsetting 0
[  659.586978][T14944] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.3'.
[  659.603156][T14944] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  659.617269][T14944] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  659.627517][ T5164] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  659.637112][ T5164] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  659.654120][ T5164] usb 1-1: Product: syz
[  659.662839][T14920] loop1: detected capacity change from 0 to 32768
[  659.663416][ T5164] usb 1-1: SerialNumber: syz
[  659.687818][ T5164] usb 1-1: config 0 descriptor??
[  659.722353][T14830] team0: Port device team_slave_0 added
[  659.741364][T14920] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (14920)
[  659.760176][T14830] team0: Port device team_slave_1 added
[  659.790216][T14920] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  659.802393][T14920] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  659.813802][T14920] BTRFS info (device loop1): using free-space-tree
[  659.862870][T14830] batman_adv: batadv0: Adding interface: batadv_slave_0
[  659.880706][T14830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.918257][ T5164] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input21
[  659.976212][T14830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  660.009236][T14830] batman_adv: batadv0: Adding interface: batadv_slave_1
[  660.032165][T14830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.104254][T14830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  660.162462][T14934] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  660.226062][  T784] usb 1-1: USB disconnect, device number 6
[  660.251587][T14920] loop1: detected capacity change from 32768 to 11
[  660.292523][T14920] syz-executor.1: attempt to access beyond end of device
[  660.292523][T14920] loop1: rw=2051, sector=2048, nr_sectors = 8 limit=11
[  660.312439][T14920] syz-executor.1: attempt to access beyond end of device
[  660.312439][T14920] loop1: rw=2051, sector=10240, nr_sectors = 24 limit=11
[  660.336905][T14830] hsr_slave_0: entered promiscuous mode
[  660.342802][T14920] syz-executor.1: attempt to access beyond end of device
[  660.342802][T14920] loop1: rw=2051, sector=13448, nr_sectors = 3192 limit=11
[  660.363831][T14830] hsr_slave_1: entered promiscuous mode
[  660.372037][T14830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  660.380392][T14830] Cannot create hsr debugfs directory
[  660.386116][T14920] BTRFS warning (device loop1): failed to trim 3 block group(s), last error -5
[  660.410359][T14920] syz-executor.1: attempt to access beyond end of device
[  660.410359][T14920] loop1: rw=2051, sector=16640, nr_sectors = 16128 limit=11
[  660.433470][T14978] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  660.462239][T14920] BTRFS warning (device loop1): failed to trim 1 device(s), last error -5
[  660.639820][ T1090] kworker/u8:6: attempt to access beyond end of device
[  660.639820][ T1090] loop1: rw=4097, sector=10440, nr_sectors = 8 limit=11
[  660.670521][ T1090] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  660.710824][ T1090] kworker/u8:6: attempt to access beyond end of device
[  660.710824][ T1090] loop1: rw=4097, sector=10456, nr_sectors = 8 limit=11
[  660.739953][ T1090] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  660.779880][ T1090] kworker/u8:6: attempt to access beyond end of device
[  660.779880][ T1090] loop1: rw=4097, sector=10464, nr_sectors = 8 limit=11
[  660.802665][ T1090] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
[  660.817750][T14984] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'.
[  660.838164][T13707] BTRFS error (device loop1 state A): Transaction aborted (error -5)
[  660.865362][T13707] BTRFS: error (device loop1 state A) in __btrfs_free_extent:3222: errno=-5 IO failure
[  660.885315][T13707] BTRFS info (device loop1 state EA): forced readonly
[  660.916561][T13707] BTRFS error (device loop1 state EA): failed to run delayed ref for logical 5296128 num_bytes 12288 type 178 action 2 ref_mod 1: -5
[  660.917363][T14984] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  660.939243][T13707] BTRFS: error (device loop1 state EA) in btrfs_run_delayed_refs:2211: errno=-5 IO failure
[  660.964169][T13707] BTRFS info (device loop1 state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  662.351234][T15006] loop1: detected capacity change from 0 to 128
[  662.363553][T15006] VFS: Found a Xenix FS (block size = 512) on device loop1
[  662.374932][   T29] audit: type=1800 audit(1851837881.718:438): pid=15008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1971 res=0 errno=0
[  662.449833][T15006] sysv_free_block: trying to free block not in datazone
[  662.484284][   T29] audit: type=1804 audit(1851837881.818:439): pid=15006 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2377582188/syzkaller.Bt95JK/72/file0" dev="loop1" ino=2 res=1 errno=0
[  662.586351][T13707] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  662.703437][T14830] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  662.738164][T14830] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  662.779289][T14830] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  662.828235][T14830] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  662.911503][T15010] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  663.192986][T14830] 8021q: adding VLAN 0 to HW filter on device bond0
[  663.266545][T14830] 8021q: adding VLAN 0 to HW filter on device team0
[  663.299003][ T5281] bridge0: port 1(bridge_slave_0) entered blocking state
[  663.306443][ T5281] bridge0: port 1(bridge_slave_0) entered forwarding state
[  663.351971][ T5116] bridge0: port 2(bridge_slave_1) entered blocking state
[  663.359198][ T5116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  663.456592][T15002] loop4: detected capacity change from 0 to 32768
[  663.516424][T15002] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (15002)
[  663.562505][T15002] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  663.589625][T15002] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  663.615233][T15002] BTRFS info (device loop4): using free-space-tree
[  663.649552][ T5281] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  663.685165][T15008] loop0: detected capacity change from 0 to 32768
[  663.829966][ T5281] usb 4-1: Using ep0 maxpacket: 8
[  663.841283][ T5281] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  663.861049][ T5281] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.872258][ T5281] usb 4-1: config 0 has no interface number 0
[  663.881477][ T5281] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  663.893654][ T5281] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  663.912980][ T5281] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  663.949726][ T5281] usb 4-1: config 0 interface 52 has no altsetting 0
[  663.959832][T15002] loop4: detected capacity change from 32768 to 11
[  663.982624][T15042] syz-executor.4: attempt to access beyond end of device
[  663.982624][T15042] loop4: rw=2051, sector=2048, nr_sectors = 8 limit=11
[  664.001220][ T5281] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  664.014891][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  664.029072][T14830] 8021q: adding VLAN 0 to HW filter on device batadv0
[  664.036553][T15042] syz-executor.4: attempt to access beyond end of device
[  664.036553][T15042] loop4: rw=2051, sector=10240, nr_sectors = 24 limit=11
[  664.054607][ T5281] usb 4-1: Product: syz
[  664.058839][ T5281] usb 4-1: SerialNumber: syz
[  664.079667][T15042] syz-executor.4: attempt to access beyond end of device
[  664.079667][T15042] loop4: rw=2051, sector=13464, nr_sectors = 3176 limit=11
[  664.093342][ T5281] usb 4-1: config 0 descriptor??
[  664.126915][T15042] BTRFS warning (device loop4): failed to trim 3 block group(s), last error -5
[  664.166830][T15042] BTRFS warning (device loop4): failed to trim 1 device(s), last error -5
[  664.195728][T14830] veth0_vlan: entered promiscuous mode
[  664.233591][T14830] veth1_vlan: entered promiscuous mode
[  664.324363][ T5281] input: syz (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input22
[  664.325505][   T51] BTRFS error (device loop4): bdev /dev/loop4 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  664.379075][   T51] BTRFS error (device loop4): bdev /dev/loop4 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  664.389232][T14830] veth0_macvtap: entered promiscuous mode
[  664.406587][   T51] BTRFS error (device loop4): bdev /dev/loop4 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
[  664.422950][T14830] veth1_macvtap: entered promiscuous mode
[  664.443266][ T6917] BTRFS error (device loop4 state A): Transaction aborted (error -5)
[  664.464432][T15050] loop1: detected capacity change from 0 to 256
[  664.480355][ T6917] BTRFS: error (device loop4 state A) in __btrfs_free_extent:3222: errno=-5 IO failure
[  664.480768][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.510045][ T6917] BTRFS info (device loop4 state EA): forced readonly
[  664.510968][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.524091][ T6917] BTRFS error (device loop4 state EA): failed to run delayed ref for logical 5296128 num_bytes 12288 type 178 action 2 ref_mod 1: -5
[  664.548647][T15017] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  664.569171][T15050] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb75ad3fb, utbl_chksum : 0xe619d30d)
[  664.572162][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.591960][ T6917] BTRFS: error (device loop4 state EA) in btrfs_run_delayed_refs:2211: errno=-5 IO failure
[  664.594294][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.615728][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.637367][ T6917] BTRFS info (device loop4 state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  664.639271][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.701626][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.723078][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.739461][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.759431][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.770917][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.789446][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.808997][ T5164] usb 4-1: USB disconnect, device number 13
[  664.841297][T14830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  664.875740][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.915358][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.943430][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.954617][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.965096][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  664.977370][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.988261][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.009636][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.031439][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.048172][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.073103][T14830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.089469][T14830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.115821][T14830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  665.146430][T14830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  665.156913][T14830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  665.169338][T14830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  665.199659][T14830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  665.234858][T15059] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  665.540560][ T5116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.559543][ T5116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.631342][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.639233][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.775020][T15069] loop4: detected capacity change from 0 to 16
[  665.802086][T15069] erofs: (device loop4): mounted with root inode @ nid 36.
[  665.852541][T15069] bio_check_eod: 4 callbacks suppressed
[  665.852564][T15069] syz-executor.4: attempt to access beyond end of device
[  665.852564][T15069] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  665.933092][T15054] loop0: detected capacity change from 0 to 32768
[  665.941677][T15054] XFS: ikeep mount option is deprecated.
[  665.947631][T15054] XFS: ikeep mount option is deprecated.
[  665.971134][T15054] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  666.245405][T15054] XFS (loop0): Ending clean mount
[  666.279277][T15054] XFS (loop0): Quotacheck needed: Please wait.
[  666.417176][T15054] XFS (loop0): Quotacheck: Done.
[  666.804323][ T9559] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  667.085740][T15073] loop1: detected capacity change from 0 to 32768
[  667.156997][T15073] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (15073)
[  667.243212][T15073] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  667.268384][T15073] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  667.289331][T15109] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  667.325138][T15073] BTRFS info (device loop1): using free-space-tree
[  667.332590][T15109] kvm: pic: non byte read
[  667.491876][T15074] loop2: detected capacity change from 0 to 32768
[  667.537662][T15074] XFS: noikeep mount option is deprecated.
[  667.620096][T15074] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  667.751467][T15073] loop1: detected capacity change from 32768 to 11
[  667.771492][T15074] XFS (loop2): Ending clean mount
[  667.791977][T15151] syz-executor.1: attempt to access beyond end of device
[  667.791977][T15151] loop1: rw=2051, sector=2048, nr_sectors = 8 limit=11
[  667.793228][T15074] XFS (loop2): Quotacheck needed: Please wait.
[  667.851037][T15151] syz-executor.1: attempt to access beyond end of device
[  667.851037][T15151] loop1: rw=2051, sector=10240, nr_sectors = 24 limit=11
[  667.891825][T15155] loop3: detected capacity change from 0 to 128
[  667.907275][T15151] syz-executor.1: attempt to access beyond end of device
[  667.907275][T15151] loop1: rw=2051, sector=13464, nr_sectors = 3176 limit=11
[  667.923171][T15155] VFS: Found a Xenix FS (block size = 512) on device loop3
[  667.934954][T15151] BTRFS warning (device loop1): failed to trim 3 block group(s), last error -5
[  667.974339][T15151] syz-executor.1: attempt to access beyond end of device
[  667.974339][T15151] loop1: rw=2051, sector=16640, nr_sectors = 16128 limit=11
[  667.998708][T15155] sysv_free_block: trying to free block not in datazone
[  668.018311][   T29] audit: type=1804 audit(1851837887.348:440): pid=15155 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3173411594/syzkaller.mQ5qrx/407/file0" dev="loop3" ino=2 res=1 errno=0
[  668.022279][T15151] BTRFS warning (device loop1): failed to trim 1 device(s), last error -5
[  668.043967][T15074] XFS (loop2): Quotacheck: Done.
[  668.073283][ T9292] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  668.129892][T14830] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  668.207638][   T12] kworker/u8:1: attempt to access beyond end of device
[  668.207638][   T12] loop1: rw=4097, sector=10440, nr_sectors = 8 limit=11
[  668.251980][   T12] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  668.262840][   T12] kworker/u8:1: attempt to access beyond end of device
[  668.262840][   T12] loop1: rw=4097, sector=10448, nr_sectors = 8 limit=11
[  668.278029][   T12] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  668.294828][   T12] kworker/u8:1: attempt to access beyond end of device
[  668.294828][   T12] loop1: rw=4097, sector=13448, nr_sectors = 8 limit=11
[  668.335461][   T12] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
[  668.363444][T13707] BTRFS error (device loop1 state A): Transaction aborted (error -5)
[  668.377559][T13707] BTRFS: error (device loop1 state A) in __btrfs_free_extent:3222: errno=-5 IO failure
[  668.417968][T13707] BTRFS info (device loop1 state EA): forced readonly
[  668.436675][T13707] BTRFS error (device loop1 state EA): failed to run delayed ref for logical 5296128 num_bytes 12288 type 178 action 2 ref_mod 1: -5
[  668.489876][T13707] BTRFS: error (device loop1 state EA) in btrfs_run_delayed_refs:2211: errno=-5 IO failure
[  668.565987][T13707] BTRFS info (device loop1 state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  669.015587][T15172] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  669.079846][T15172] kvm: pic: non byte read
[  669.686582][T15211] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  669.718527][T15211] delete_channel: no stack
[  669.868763][T15221] loop4: detected capacity change from 0 to 16
[  669.880261][T15221] erofs: (device loop4): mounted with root inode @ nid 36.
[  669.905828][T15221] syz-executor.4: attempt to access beyond end of device
[  669.905828][T15221] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  670.193178][T15227] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  670.243191][T15227] kvm: pic: non byte read
[  670.467062][ T5109] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  670.707589][T15189] loop2: detected capacity change from 0 to 32768
[  670.749810][T15189] XFS: noikeep mount option is deprecated.
[  670.777242][T15258] loop4: detected capacity change from 0 to 16
[  670.826954][T15258] erofs: (device loop4): mounted with root inode @ nid 36.
[  670.845451][T15258] syz-executor.4: attempt to access beyond end of device
[  670.845451][T15258] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  670.857584][T15189] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  671.116230][T15189] XFS (loop2): Ending clean mount
[  671.130512][T15189] XFS (loop2): Quotacheck needed: Please wait.
[  671.246983][T15189] XFS (loop2): Quotacheck: Done.
[  671.382181][T14830] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  672.709140][T15249] loop1: detected capacity change from 0 to 40427
[  672.751652][T15249] F2FS-fs (loop1): invalid crc value
[  672.791653][T15249] F2FS-fs (loop1): Found nat_bits in checkpoint
[  672.922564][T15249] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  673.018556][T15249] F2FS-fs (loop1): Can't flush 0 in 0 for SEGS_PER_SEC 1 != 1
[  673.047645][T15307] loop0: detected capacity change from 0 to 256
[  673.152757][T13707] syz-executor.1: attempt to access beyond end of device
[  673.152757][T13707] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  673.626873][T13707] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  673.662166][ T5109] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  673.873166][ T5109] Bluetooth: hci0: Injecting HCI hardware error event
[  673.891414][ T5109] Bluetooth: hci0: hardware error 0x00
[  675.153506][T15316] loop2: detected capacity change from 0 to 32768
[  675.258994][T15360] loop4: detected capacity change from 0 to 256
[  675.343185][   T29] audit: type=1800 audit(1851837894.678:441): pid=15363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="sda1" ino=1966 res=0 errno=0
[  675.410053][T15316] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  675.460201][T15316] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  675.544037][T15316] bcachefs (loop2): alloc_read... done
[  675.557292][T15316] bcachefs (loop2): stripes_read... done
[  675.569931][T15316] bcachefs (loop2): snapshots_read... done
[  675.591886][T15316] bcachefs (loop2): journal_replay... done
[  675.599013][T15374] loop3: detected capacity change from 0 to 128
[  675.611165][T15316] bcachefs (loop2): resume_logged_ops... done
[  675.619001][T15316] bcachefs (loop2): going read-write
[  675.631473][T15316] bcachefs (loop2): done starting filesystem
[  675.635733][T15374] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  675.691125][T15374] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  675.866050][T15374] sch_tbf: peakrate 8 is lower than or equals to rate 4294967294 !
[  675.977907][T14830] bcachefs (loop2): shutting down
[  675.990574][ T5109] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  676.012160][T14830] bcachefs (loop2): going read-only
[  676.066866][T14830] bcachefs (loop2): finished waiting for writes to stop
[  676.120692][T14830] bcachefs (loop2): flushing journal and stopping allocators, journal seq 12
[  676.219121][T14830] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 15
[  676.245464][T14830] bcachefs (loop2): shutdown complete, journal seq 16
[  676.285169][T14830] bcachefs (loop2): marking filesystem clean
[  676.315703][T15402] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  676.403457][T15402] delete_channel: no stack
[  676.418342][T14830] bcachefs (loop2): shutdown complete
[  677.020359][ T5113] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  677.034741][ T5113] Bluetooth: hci2: Injecting HCI hardware error event
[  677.048238][ T5113] Bluetooth: hci2: hardware error 0x00
[  677.448956][T15427] xt_TPROXY: Can be used only with -p tcp or -p udp
[  678.608225][T15437] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  679.189710][ T5113] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  679.261343][T15463] loop1: detected capacity change from 0 to 24
[  679.387842][T15468] fuse: Unknown parameter '0xffffffffffffffff'
[  680.074332][T15470] loop3: detected capacity change from 0 to 256
[  680.211949][T15470] FAT-fs (loop3): Directory bread(block 64) failed
[  680.242016][T15470] FAT-fs (loop3): Directory bread(block 65) failed
[  680.278113][T15470] FAT-fs (loop3): Directory bread(block 66) failed
[  680.288773][T15477] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  680.330419][T15470] FAT-fs (loop3): Directory bread(block 67) failed
[  680.337837][T15470] FAT-fs (loop3): Directory bread(block 68) failed
[  680.349464][T15470] FAT-fs (loop3): Directory bread(block 69) failed
[  680.356176][T15470] FAT-fs (loop3): Directory bread(block 70) failed
[  680.398910][T15470] FAT-fs (loop3): Directory bread(block 71) failed
[  680.422051][T15470] FAT-fs (loop3): Directory bread(block 72) failed
[  680.455865][T15470] FAT-fs (loop3): Directory bread(block 73) failed
[  680.476378][T15485] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.4'.
[  681.941576][T15502] loop3: detected capacity change from 0 to 32768
[  681.985943][T15502] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (15502)
[  682.055156][T15502] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  682.087869][T15502] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  682.124668][T15502] BTRFS info (device loop3): using free-space-tree
[  682.312366][T15543] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  682.339102][T15543] kvm: pic: non byte read
[  682.621783][ T9292] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  682.640192][T15571] loop2: detected capacity change from 0 to 24
[  683.196119][T15585] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  683.493177][T15544] loop0: detected capacity change from 0 to 32768
[  683.606408][T15544] read_mapping_page failed!
[  683.623214][T15544] ERROR: (device loop0): txCommit: 
[  683.623214][T15544] 
[  683.791109][ T9559] ERROR: (device loop0): diFree: numfree > numinos
[  683.791109][ T9559] 
[  683.804555][T15604] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'.
[  684.055618][T15612] loop1: detected capacity change from 0 to 24
[  684.895066][T15641] loop4: detected capacity change from 0 to 2048
[  684.948804][T15641] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  685.529338][T15664] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  685.845347][T15635] loop0: detected capacity change from 0 to 32768
[  686.018103][T15673] loop4: detected capacity change from 0 to 4096
[  686.026095][T15673] ntfs3: Unknown parameter '
'
[  686.127590][T15635] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  686.153085][T15635] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  686.173229][T15650] loop3: detected capacity change from 0 to 32768
[  686.248882][T15635] bcachefs (loop0): alloc_read... done
[  686.273024][T15635] bcachefs (loop0): stripes_read... done
[  686.294393][T15635] bcachefs (loop0): snapshots_read... done
[  686.302703][ T1251] ieee802154 phy0 wpan0: encryption failed: -22
[  686.441756][T15635] bcachefs (loop0): journal_replay... done
[  686.442127][T15650] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  686.463622][T15635] bcachefs (loop0): resume_logged_ops... done
[  686.472702][T15635] bcachefs (loop0): going read-write
[  686.735034][T15635] bcachefs (loop0): done starting filesystem
[  687.418038][T15650] XFS (loop3): Ending clean mount
[  687.469758][T15650] XFS (loop3): Quotacheck needed: Please wait.
[  687.705752][T15650] XFS (loop3): Quotacheck: Done.
[  687.743744][T15719] loop4: detected capacity change from 0 to 128
[  687.756882][T15720] loop1: detected capacity change from 0 to 256
[  687.774420][T15719] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  687.841983][ T9559] bcachefs (loop0): shutting down
[  687.855480][ T9292] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  687.869440][ T9559] bcachefs (loop0): going read-only
[  687.874710][ T9559] bcachefs (loop0): finished waiting for writes to stop
[  687.936369][ T9559] bcachefs (loop0): flushing journal and stopping allocators, journal seq 13
[  688.069679][ T9559] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15
[  688.094798][ T9559] bcachefs (loop0): shutdown complete, journal seq 16
[  688.103174][ T9559] bcachefs (loop0): marking filesystem clean
[  688.223028][ T9559] bcachefs (loop0): shutdown complete
[  688.933571][T15748] netlink: 152 bytes leftover after parsing attributes in process `syz-executor.4'.
[  689.213559][T15728] loop2: detected capacity change from 0 to 32768
[  689.234239][T15728] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (15728)
[  689.328822][T15728] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  689.357071][T15728] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  689.387616][T15728] BTRFS info (device loop2): using free-space-tree
[  689.503488][T15758] loop0: detected capacity change from 0 to 4096
[  689.513057][T15758] ntfs3: Unknown parameter '
'
[  689.871829][T14830] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  690.385799][T15779] loop1: detected capacity change from 0 to 64
[  690.387739][T15751] loop3: detected capacity change from 0 to 32768
[  690.446777][T15788] loop0: detected capacity change from 0 to 1024
[  690.502247][T15751] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  690.528579][T15788] EXT4-fs: Ignoring removed oldalloc option
[  690.589552][T15788] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  690.711627][T15788] EXT4-fs (loop0): Cannot use DAX on a filesystem that may contain inline data
[  690.920760][T15751] XFS (loop3): Ending clean mount
[  690.961395][T15751] XFS (loop3): Quotacheck needed: Please wait.
[  691.035164][T15801] loop2: detected capacity change from 0 to 1764
[  691.063882][T15801] grow_buffers: requested out-of-range block 18446744072509557520 for device loop2
[  691.082032][T15751] XFS (loop3): Quotacheck: Done.
[  691.109680][T15801] isofs_fill_super: bread failed, dev=loop2, iso_blknum=1547486600, block=-1199994096
[  691.171629][ T9292] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  691.461507][T15808] loop4: detected capacity change from 0 to 2048
[  691.592436][T15808] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  693.668410][T15848] loop4: detected capacity change from 0 to 128
[  693.714207][T15848] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  694.257762][T15844] loop0: detected capacity change from 0 to 32768
[  695.208569][T15844] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  695.278494][T15844] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  695.370987][T15844] bcachefs (loop0): alloc_read... done
[  695.383984][T15844] bcachefs (loop0): stripes_read... done
[  695.396009][T15844] bcachefs (loop0): snapshots_read... done
[  695.405489][T15844] bcachefs (loop0): journal_replay... done
[  695.417886][T15844] bcachefs (loop0): resume_logged_ops... done
[  695.431816][T15844] bcachefs (loop0): going read-write
[  695.480547][T15844] bcachefs (loop0): done starting filesystem
[  695.642474][T15895] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  695.753574][ T9559] bcachefs (loop0): shutting down
[  695.759892][ T9559] bcachefs (loop0): going read-only
[  695.770636][ T9559] bcachefs (loop0): finished waiting for writes to stop
[  695.775526][T15903] tipc: Failed to remove unknown binding: 66,1,1/0:2691786501/2691786503
[  695.822784][ T9559] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12
[  695.844562][T15903] tipc: Failed to remove unknown binding: 66,1,1/0:2691786501/2691786503
[  695.874947][ T9559] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13
[  695.879597][T15903] tipc: Failed to remove unknown binding: 66,1,1/0:2691786501/2691786503
[  695.914116][ T9559] bcachefs (loop0): shutdown complete, journal seq 14
[  695.931794][ T9559] bcachefs (loop0): marking filesystem clean
[  695.978467][ T9559] bcachefs (loop0): shutdown complete
[  696.143029][T15912] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  696.506462][T15916] vlan2: entered promiscuous mode
[  696.529725][T15916] batadv0: entered promiscuous mode
[  696.535209][T15916] vlan2: entered allmulticast mode
[  696.560848][T15916] batadv0: entered allmulticast mode
[  696.618593][T15916] batadv0: left allmulticast mode
[  696.626179][T15916] batadv0: left promiscuous mode
[  696.782697][T15899] loop2: detected capacity change from 0 to 32768
[  696.799929][T15899] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (15899)
[  696.844886][T15899] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  696.896396][T15899] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  696.922913][T15899] BTRFS info (device loop2): using free-space-tree
[  697.104795][   T29] audit: type=1326 audit(1851837916.438:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.167464][   T29] audit: type=1326 audit(1851837916.468:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.196972][   T29] audit: type=1326 audit(1851837916.468:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.219529][   T29] audit: type=1326 audit(1851837916.468:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.242606][T15944] wireguard0: entered promiscuous mode
[  697.262991][   T29] audit: type=1326 audit(1851837916.468:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.288561][T15944] wireguard0: entered allmulticast mode
[  697.290025][   T29] audit: type=1326 audit(1851837916.468:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.338487][T15954] tipc: Failed to remove unknown binding: 66,1,1/0:2203073429/2203073431
[  697.341107][   T29] audit: type=1326 audit(1851837916.468:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.399866][T15954] tipc: Failed to remove unknown binding: 66,1,1/0:2203073429/2203073431
[  697.451051][T15954] tipc: Failed to remove unknown binding: 66,1,1/0:2203073429/2203073431
[  697.452692][T14830] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  697.471247][   T29] audit: type=1326 audit(1851837916.468:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.600943][   T29] audit: type=1326 audit(1851837916.468:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  697.680617][   T29] audit: type=1326 audit(1851837916.468:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15942 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f404147cf69 code=0x7ffc0000
[  698.184401][ T5164] libceph: connect (1)[c::]:6789 error -101
[  698.218173][ T5164] libceph: mon0 (1)[c::]:6789 connect error
[  698.224090][T15979] loop0: detected capacity change from 0 to 1024
[  698.315860][ T5164] libceph: connect (1)[c::]:6789 error -101
[  698.326707][ T1090] hfsplus: b-tree write err: -5, ino 4
[  698.337296][ T5164] libceph: mon0 (1)[c::]:6789 connect error
[  698.346036][T15987] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  698.600098][T15994] tipc: Failed to remove unknown binding: 66,1,1/0:4183160240/4183160242
[  698.658426][ T5164] libceph: connect (1)[c::]:6789 error -101
[  698.670993][T15994] tipc: Failed to remove unknown binding: 66,1,1/0:4183160240/4183160242
[  698.673746][ T5164] libceph: mon0 (1)[c::]:6789 connect error
[  698.684785][T15994] tipc: Failed to remove unknown binding: 66,1,1/0:4183160240/4183160242
[  698.721858][T15996] loop2: detected capacity change from 0 to 1024
[  698.835012][T15968] ceph: No mds server is up or the cluster is laggy
[  699.871526][T16005] wireguard0: entered promiscuous mode
[  699.892039][   T25] libceph: connect (1)[c::]:6789 error -101
[  699.898175][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  699.902894][T16005] wireguard0: entered allmulticast mode
[  700.004813][T15970] loop4: detected capacity change from 0 to 128
[  700.166690][T16010] netlink: 'syz-executor.0': attribute type 21 has an invalid length.
[  700.181958][T16010] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[  700.324419][T16016] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  700.594462][  T784] kernel write not supported for file /input/mouse0 (pid: 784 comm: kworker/1:2)
[  700.663174][T16022] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  700.693002][T16022] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  700.700324][T16022] IPv6: NLM_F_CREATE should be set when creating new route
[  700.778272][T16030] ax25_connect(): syz-executor.1 uses autobind, please contact jreuter@yaina.de
[  700.813451][T16029] tipc: Failed to remove unknown binding: 66,1,1/0:4036229245/4036229247
[  700.821074][T16030] usb usb9: usbfs: process 16030 (syz-executor.1) did not claim interface 0 before use
[  700.855258][T16029] tipc: Failed to remove unknown binding: 66,1,1/0:4036229245/4036229247
[  700.875465][T16029] tipc: Failed to remove unknown binding: 66,1,1/0:4036229245/4036229247
[  701.078144][T16037] loop1: detected capacity change from 0 to 256
[  701.098374][T16037] FAT-fs (loop1): Directory bread(block 1285) failed
[  701.138841][T16043] netlink: 'syz-executor.4': attribute type 21 has an invalid length.
[  701.147601][T16043] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[  701.609628][T16064] 
: renamed from veth0_vlan (while UP)
[  701.665443][T16067] loop3: detected capacity change from 0 to 256
[  701.680032][T16067] FAT-fs (loop3): Directory bread(block 1285) failed
[  701.753629][T16069] trusted_key: syz-executor.0 sent an empty control message without MSG_MORE.
[  702.295349][T16094] loop4: detected capacity change from 0 to 512
[  702.319547][  T784] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  702.381179][T16094] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz-executor.4: Invalid inode bitmap blk 4 in block_group 0
[  702.426722][T16094] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  702.532886][  T784] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  702.544056][  T784] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  702.576619][  T784] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  702.600513][  T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.606142][ T5160] kernel write not supported for file task/16107/attr/prev (pid: 5160 comm: kworker/0:6)
[  702.623258][  T784] usb 3-1: config 0 descriptor??
[  702.821396][ T5160] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  703.048179][ T5160] usb 5-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f
[  703.064052][ T5160] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.101096][  T784] lenovo 0003:17EF:6047.0014: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  703.104804][ T5160] usb 5-1: config 0 descriptor??
[  703.134108][ T5160] rndis_host 5-1:0.0: More than one union descriptor, skipping ...
[  703.150878][ T5160] usb 5-1: bad CDC descriptors
[  703.171694][ T5160] cdc_acm 5-1:0.0: More than one union descriptor, skipping ...
[  703.281304][T16121] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  703.295483][T16121] netlink: 'syz-executor.3': attribute type 11 has an invalid length.
[  703.310339][ T5160] usb 3-1: USB disconnect, device number 14
[  703.361593][T16121] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  703.373107][T16121] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  703.382925][T16121] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  703.392160][T16121] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  703.432987][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  703.433018][   T29] audit: type=1804 audit(1851837922.758:464): pid=16094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2422738673/syzkaller.jdOHoY/734/file0/file0/file0" dev="loop4" ino=13 res=1 errno=0
[  703.496065][T16121] vxlan0: entered promiscuous mode
[  703.597579][T16094] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  703.646240][T16106] loop0: detected capacity change from 0 to 32768
[  703.662321][T16106] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (16106)
[  703.681598][T16106] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  703.695446][T16106] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  703.704967][T16106] BTRFS info (device loop0): using free-space-tree
[  703.808572][ T9559] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  704.154425][  T784] usb 5-1: USB disconnect, device number 13
[  704.245705][ T6917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  704.374612][ T5164] kernel write not supported for file task/16162/attr/prev (pid: 5164 comm: kworker/1:5)
[  704.400774][T16159] loop2: detected capacity change from 0 to 1024
[  704.407877][T16159] EXT4-fs: Ignoring removed oldalloc option
[  704.564118][T16159] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  704.604751][T16159] EXT4-fs (loop2): Cannot use DAX on a filesystem that may contain inline data
[  704.854513][T16188] loop1: detected capacity change from 0 to 256
[  704.878009][T16188] FAT-fs (loop1): Directory bread(block 1285) failed
[  704.965434][T16190] loop0: detected capacity change from 0 to 1024
[  705.160957][T16201] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  706.016519][T16210] loop4: detected capacity change from 0 to 8192
[  706.079222][T16210] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  706.092670][T16210] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  706.105173][T16210] REISERFS (device loop4): using ordered data mode
[  706.111965][T16210] reiserfs: using flush barriers
[  706.126509][T16210] REISERFS warning (device loop4): sh-458 journal_init_dev: cannot init journal device unknown-block(7,4): -16
[  706.139230][T16210] REISERFS warning (device loop4): sh-462 journal_init: unable to initialize journal device
[  706.157666][T16210] REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space
[  706.840085][T16222] loop2: detected capacity change from 0 to 64
[  706.866104][T16222] hfs: unable to parse mount options
[  708.162937][T16237] loop0: detected capacity change from 0 to 256
[  708.225821][T16237] FAT-fs (loop0): Unrecognized mount option "defcontext=us" or missing value
[  708.618594][  T784] kernel write not supported for file task/16248/attr/prev (pid: 784 comm: kworker/1:2)
[  708.738599][T16239] loop1: detected capacity change from 0 to 8192
[  709.592119][T16259] loop4: detected capacity change from 0 to 2048
[  709.689026][T16259]  loop4: p1 < > p2 p3 < p5 > p4
[  709.698553][T16259] loop4: partition table partially beyond EOD, truncated
[  709.724144][T16259] loop4: p1 start 4278190080 is beyond EOD, truncated
[  709.753264][T16259] loop4: p2 start 16908800 is beyond EOD, truncated
[  709.760974][T16267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  709.789322][T16267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  709.794254][T16259] loop4: p4 start 11326 is beyond EOD, 
[  709.811752][T16267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  709.819199][T16259] truncated
[  709.868431][T16259] loop4: p5 start 16908800 is beyond EOD, truncated
[  709.983004][    C1] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN PTI
[  709.989199][T16265] loop2: detected capacity change from 0 to 8192
[  709.995639][    C1] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
[  709.995660][    C1] CPU: 1 PID: 16267 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00064-g71d7b52cc33b #0
[  709.995683][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  709.995698][    C1] RIP: 0010:skb_segment+0x2e9b/0x46f0
[  709.995736][    C1] Code: 44 24 18 48 89 44 24 38 44 8b ac 24 b0 00 00 00 e9 3c de ff ff e8 55 30 4c f8 48 8b 44 24 20 48 8d 58 70 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 3b 0a 00 00 8b 03 48 89 84 24 88 00 00
[  709.995755][    C1] RSP: 0018:ffffc90000a16d40 EFLAGS: 00010202
[  709.995776][    C1] RAX: 000000000000000e RBX: 0000000000000070 RCX: ffff8880259d3c00
[  709.995792][    C1] RDX: 0000000080000302 RSI: ffff8880591dab6e RDI: 000000000000ffff
[  709.995809][    C1] RBP: ffffc90000a16fb0 R08: ffffffff8949d2ec R09: ffffffff894f1640
[  709.995826][    C1] R10: 0000000000000002 R11: ffff8880259d3c00 R12: dffffc0000000000
[  709.995843][    C1] R13: 0000000000000005 R14: ffff8880591dab60 R15: 0000000000000000
[  709.995859][    C1] FS:  00007f6b312026c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  709.995879][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  709.995902][    C1] CR2: 000000002002f000 CR3: 000000004d44e000 CR4: 00000000003506f0
[  709.995921][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  709.995935][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  709.995950][    C1] Call Trace:
[  709.995959][    C1]  <IRQ>
[  709.995968][    C1]  ? __die_body+0x88/0xe0
[  709.996002][    C1]  ? die_addr+0x108/0x140
[  709.996036][    C1]  ? exc_general_protection+0x3dd/0x5d0
[  710.162205][    C1]  ? skb_network_protocol+0x5aa/0x7b0
[  710.167590][    C1]  ? asm_exc_general_protection+0x26/0x30
[  710.173328][    C1]  ? skb_network_protocol+0x1b0/0x7b0
[  710.178721][    C1]  ? skb_segment+0xc3c/0x46f0
[  710.183417][    C1]  ? skb_segment+0x2e9b/0x46f0
[  710.188215][    C1]  ? validate_chain+0x11e/0x5900
[  710.193174][    C1]  ? validate_chain+0x11e/0x5900
[  710.198128][    C1]  ? validate_chain+0x11e/0x5900
[  710.203083][    C1]  ? __pfx_skb_segment+0x10/0x10
[  710.208119][    C1]  ? __lock_acquire+0x1346/0x1fd0
[  710.213153][    C1]  tcp_gso_segment+0x37c/0x1c00
[  710.218015][    C1]  ? __pfx_tcp_wfree+0x10/0x10
[  710.222790][    C1]  ipv6_gso_segment+0xb55/0x2120
[  710.227748][    C1]  ? __pfx_ipv6_gso_segment+0x10/0x10
[  710.233133][    C1]  ? __pfx_ipv6_gso_segment+0x10/0x10
[  710.238508][    C1]  skb_mac_gso_segment+0x383/0x740
[  710.243633][    C1]  ? skb_mac_gso_segment+0x1b8/0x740
[  710.248936][    C1]  ? __pfx_skb_mac_gso_segment+0x10/0x10
[  710.254579][    C1]  ? mark_lock+0x9a/0x350
[  710.259005][    C1]  __skb_gso_segment+0x324/0x4c0
[  710.263954][    C1]  validate_xmit_skb+0x580/0x1120
[  710.269099][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  710.274326][    C1]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  710.280577][    C1]  ? __pfx_validate_xmit_skb+0x10/0x10
[  710.286154][    C1]  ? ktime_get+0x3c/0xb0
[  710.290409][    C1]  validate_xmit_skb_list+0x95/0x130
[  710.295709][    C1]  sch_direct_xmit+0x11a/0x5f0
[  710.300487][    C1]  ? __pfx_sch_direct_xmit+0x10/0x10
[  710.305777][    C1]  ? pie_qdisc_enqueue+0x46e/0x1390
[  710.311023][    C1]  __qdisc_run+0xbfd/0x2170
[  710.315730][    C1]  ? do_raw_spin_lock+0x14f/0x370
[  710.320776][    C1]  __dev_queue_xmit+0x14f0/0x3d30
[  710.325835][    C1]  ? __dev_queue_xmit+0x2d2/0x3d30
[  710.330991][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[  710.336381][    C1]  ? mark_lock+0x9a/0x350
[  710.340722][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  710.346720][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  710.353138][    C1]  ? __ipv6_neigh_lookup_noref+0x59f/0x730
[  710.358958][    C1]  ? ip6_finish_output2+0xdb4/0x1670
[  710.364257][    C1]  ip6_finish_output2+0xfc0/0x1670
[  710.369384][    C1]  ? ip6_finish_output2+0x712/0x1670
[  710.374680][    C1]  ? __pfx_ip6_finish_output2+0x10/0x10
[  710.380246][    C1]  ? ip6_mtu+0x81/0x3f0
[  710.384410][    C1]  ip6_finish_output+0x41e/0x810
[  710.389364][    C1]  ip6_xmit+0xefe/0x17f0
[  710.393632][    C1]  ? __pfx_ip6_xmit+0x10/0x10
[  710.398318][    C1]  ? inet6_csk_route_socket+0x625/0xe30
[  710.403883][    C1]  ? inet6_csk_route_socket+0x402/0xe30
[  710.409445][    C1]  inet6_csk_xmit+0x466/0x700
[  710.414170][    C1]  ? inet6_csk_xmit+0x1bc/0x700
[  710.419034][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[  710.424250][    C1]  ? __pfx_inet6_csk_xmit+0x10/0x10
[  710.429461][    C1]  __tcp_transmit_skb+0x1eda/0x3b80
[  710.434682][    C1]  ? __pfx___tcp_transmit_skb+0x10/0x10
[  710.440238][    C1]  ? __build_skb_around+0x245/0x3d0
[  710.445451][    C1]  ? skb_split+0x83e/0x1420
[  710.449981][    C1]  ? tcp_small_queue_check+0x206/0x410
[  710.455447][    C1]  tcp_write_xmit+0x18b3/0x69d0
[  710.460352][    C1]  __tcp_push_pending_frames+0x9b/0x360
[  710.465907][    C1]  tcp_data_snd_check+0x7b/0xa0
[  710.470775][    C1]  tcp_rcv_state_process+0x1807/0x4570
[  710.476341][    C1]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[  710.482159][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  710.487186][    C1]  ? sk_filter_trim_cap+0x5bf/0xa80
[  710.492400][    C1]  ? do_raw_spin_lock+0x14f/0x370
[  710.497443][    C1]  tcp_v6_do_rcv+0x8b1/0x13b0
[  710.502146][    C1]  tcp_v6_rcv+0x2555/0x2fc0
[  710.506667][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  710.511525][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  710.516377][    C1]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  710.521333][    C1]  ip6_protocol_deliver_rcu+0xc76/0x1570
[  710.526991][    C1]  ? ip6_input_finish+0xdb/0x2d0
[  710.531938][    C1]  ip6_input_finish+0x186/0x2d0
[  710.536804][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  710.542226][    C1]  NF_HOOK+0x3a4/0x450
[  710.546314][    C1]  ? NF_HOOK+0x9a/0x450
[  710.550481][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  710.555108][    C1]  ? __pfx_ip6_input_finish+0x10/0x10
[  710.560514][    C1]  ? ip6_rcv_finish_core+0x1fb/0x410
[  710.565815][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  710.571029][    C1]  NF_HOOK+0x3a4/0x450
[  710.575224][    C1]  ? skb_orphan+0xae/0xd0
[  710.579592][    C1]  ? NF_HOOK+0x9a/0x450
[  710.583763][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  710.588365][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  710.593580][    C1]  ? __pfx_ipv6_rcv+0x10/0x10
[  710.598359][    C1]  __netif_receive_skb+0x1ea/0x650
[  710.603483][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  710.608511][    C1]  ? __pfx___netif_receive_skb+0x10/0x10
[  710.614151][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  710.620142][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  710.626477][    C1]  ? _raw_spin_lock_irq+0xdf/0x120
[  710.631601][    C1]  ? process_backlog+0x2d9/0x7d0
[  710.636554][    C1]  process_backlog+0x391/0x7d0
[  710.641372][    C1]  ? __pfx_process_backlog+0x10/0x10
[  710.646666][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  710.652653][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  710.659010][    C1]  __napi_poll+0xcb/0x490
[  710.663350][    C1]  net_rx_action+0x7bb/0x10a0
[  710.668043][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  710.673163][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  710.679152][    C1]  handle_softirqs+0x2c4/0x970
[  710.683922][    C1]  ? do_softirq+0x11b/0x1e0
[  710.688429][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  710.693723][    C1]  do_softirq+0x11b/0x1e0
[  710.698059][    C1]  </IRQ>
[  710.700992][    C1]  <TASK>
[  710.703924][    C1]  ? __pfx_do_softirq+0x10/0x10
[  710.708776][    C1]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  710.714412][    C1]  ? sk_wait_data+0x250/0x510
[  710.719120][    C1]  ? rcu_is_watching+0x15/0xb0
[  710.723888][    C1]  __local_bh_enable_ip+0x1bb/0x200
[  710.729088][    C1]  ? __pfx_tcp_v6_do_rcv+0x10/0x10
[  710.734205][    C1]  ? sk_wait_data+0x250/0x510
[  710.738896][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  710.744637][    C1]  sk_wait_data+0x250/0x510
[  710.749154][    C1]  ? __pfx_sk_wait_data+0x10/0x10
[  710.754203][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  710.759623][    C1]  ? __pfx_woken_wake_function+0x10/0x10
[  710.765278][    C1]  ? __tcp_send_ack+0x17e/0x600
[  710.770145][    C1]  tcp_recvmsg_locked+0xcef/0x2640
[  710.775280][    C1]  ? __pfx_tcp_recvmsg_locked+0x10/0x10
[  710.780835][    C1]  ? tcp_recvmsg+0x23c/0x920
[  710.785434][    C1]  tcp_recvmsg+0x25d/0x920
[  710.789857][    C1]  ? __lock_acquire+0x1346/0x1fd0
[  710.794893][    C1]  ? __pfx_tcp_recvmsg+0x10/0x10
[  710.799841][    C1]  ? __pfx_tcp_recvmsg+0x10/0x10
[  710.804781][    C1]  inet6_recvmsg+0x16a/0x730
[  710.809379][    C1]  ? __pfx_inet6_recvmsg+0x10/0x10
[  710.814502][    C1]  ? iovec_from_user+0x1b0/0x240
[  710.819533][    C1]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  710.824822][    C1]  ? security_socket_recvmsg+0x90/0xb0
[  710.830347][    C1]  sock_recvmsg+0x109/0x280
[  710.834867][    C1]  ____sys_recvmsg+0x1db/0x470
[  710.839642][    C1]  ? __pfx_____sys_recvmsg+0x10/0x10
[  710.844946][    C1]  __sys_recvmsg+0x2f0/0x3e0
[  710.849549][    C1]  ? __pfx_lock_release+0x10/0x10
[  710.854602][    C1]  ? __pfx___sys_recvmsg+0x10/0x10
[  710.859748][    C1]  ? do_futex+0x33b/0x560
[  710.864096][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  710.870429][    C1]  ? do_syscall_64+0x100/0x230
[  710.875293][    C1]  ? do_syscall_64+0xb6/0x230
[  710.880062][    C1]  do_syscall_64+0xf3/0x230
[  710.884581][    C1]  ? clear_bhb_loop+0x35/0x90
[  710.889265][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.895170][    C1] RIP: 0033:0x7f6b3047cf69
[  710.899598][    C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  710.919214][    C1] RSP: 002b:00007f6b312020c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  710.927640][    C1] RAX: ffffffffffffffda RBX: 00007f6b305b3f80 RCX: 00007f6b3047cf69
[  710.935623][    C1] RDX: 0000000040000110 RSI: 00000000200008c0 RDI: 0000000000000006
[  710.943665][    C1] RBP: 00007f6b304da6fe R08: 0000000000000000 R09: 0000000000000000
[  710.951667][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  710.959655][    C1] R13: 000000000000000b R14: 00007f6b305b3f80 R15: 00007ffc7cc315f8
[  710.967645][    C1]  </TASK>
[  710.970668][    C1] Modules linked in:
[  710.974789][    C1] ---[ end trace 0000000000000000 ]---
[  710.980318][    C1] RIP: 0010:skb_segment+0x2e9b/0x46f0
[  710.985745][    C1] Code: 44 24 18 48 89 44 24 38 44 8b ac 24 b0 00 00 00 e9 3c de ff ff e8 55 30 4c f8 48 8b 44 24 20 48 8d 58 70 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 3b 0a 00 00 8b 03 48 89 84 24 88 00 00
[  711.005482][    C1] RSP: 0018:ffffc90000a16d40 EFLAGS: 00010202
[  711.011627][    C1] RAX: 000000000000000e RBX: 0000000000000070 RCX: ffff8880259d3c00
[  711.019662][    C1] RDX: 0000000080000302 RSI: ffff8880591dab6e RDI: 000000000000ffff
[  711.027656][    C1] RBP: ffffc90000a16fb0 R08: ffffffff8949d2ec R09: ffffffff894f1640
2028/09/06 07:25:29 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  711.035691][    C1] R10: 0000000000000002 R11: ffff8880259d3c00 R12: dffffc0000000000
[  711.043743][    C1] R13: 0000000000000005 R14: ffff8880591dab60 R15: 0000000000000000
[  711.051782][    C1] FS:  00007f6b312026c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  711.060746][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  711.067333][    C1] CR2: 000000002002f000 CR3: 000000004d44e000 CR4: 00000000003506f0
[  711.075343][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  711.083376][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  711.091430][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  711.098947][    C1] Kernel Offset: disabled
[  711.103279][    C1] Rebooting in 86400 seconds..