last executing test programs:

39m4.479953365s ago: executing program 32 (id=47):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000040)='./file2\x00', 0x2000c6, &(0x7f0000001340)=ANY=[], 0x1, 0xac5, &(0x7f00000001c0)="$eJzs3V2MXFUBAOBzZ3e2f1s7xVa2tEARDfjDLltaBSu0hCZqTGoTH0zAl6aU2nSpxhIihIRCojExBBJCn3woxhdfIGoM8GIqD4aYQIzRkPiExNcaSXwgRhizs+fMzp7O9M5sd3dmdr4vOXvm3nPvPefO3rlz597zE4CRVWn83b9/YwjhpTdePHLjy289Pz/nUHOJWuPveMtUNYRQxOnxbHvvjS3EH33w1Il2cRH2Nf6m6XD0cnPdLSGE82FvuBRq4bmHLoy/+9rRd14JZx4/duTt11dn7xcVq50BAAAMgGOXDu7f+Y8/797+31dvOhw2NOen6/NanJ6M1/2H44Vyul6uhKXTRUtoNZEtNx5DJVturM1yrflUs+XGO+Q/kW232mG5DSX5j7XMa7ffMMzScVwLRWV6yXSlMj298Js8NH7XTxTTZ0/PPXKuTwUFVtx/bg4h7BVGM+y+pf9lEPoZ6tv6fQYCWJA/L7zC+ZV9Utfc2nh3+V++v9J+/RbVFS0ho+BnP971rdCH4z8n/8HO/5fPqKnAylmHR9Nft7bsV/ocTcbp/DlCXn+p189/2l7+PKLba4BOzxGG5flCp3KOrXE5lqtT+fPjYr26N8bpfbgvS4+fg8bjtPx/Oiz/Y6C9D4fl/n8YgDIIwlXCrqL/Zeg11Pt8/gEGV15vrh6l9LxeX56+oSR9Y0n6ppL0zSXpoct0GEW/fez58EKxeL8r/03f6/2wyWwTn+ixPPn9yF7zz+v9dq+6Ivnn9YlhoG3544W7H37wLwv1/4vm8f9xPN73xula/Gxdiguk+4X5ffVm3f/a0mwqHZa7LivO1jbLN17vWLpcsWNxO6HlPHNFOabSGgt3dLd1Wm7P0u3XsuU2xbAxK29+fbI5Wy/Vn04nxcklpVnc32rLfvx76+J5LJUjnVe2xzgvByxHOh6X1v+fP/oa9f+bj7GmQrV45PTcyTvjdPq8vTVW3TA/f3atCw5cs27b/0yFpe1/Jpvzq5XW88K2xflF63mhls3f12H+XXE6fc99b2xTY/70ie/PPbyk5PGH/NMr8z7AKDr3xJNnjs/Nnfzhar6Yz2iVs1iHL8L5EAagGMt9kY6wQSmPF928SP+143P9OiMBa2XmsUd/MHPuiSfvOP3o8VMnT508O3tg9u57DszOfumemcZ1/Uzr1f16rC4Mo2vx27/fJQEAAAAAAAAAAAC6der9mYt/e/PLf19o/7/Y/i+1/081f1P7/59m7f+zZv7NCsKpHWBqx3dFe/usg9WJbLlqDJ/Mtr8jy2dntt6nYtwcxy+2/0/Z5f26pvJcn83P++9Ny01l8/P+UiayPkiK8JPNreX7dIyf/d9CF0S/CNBHxab2s2Nc1r91OtZT/xT6pRhO6f+WjobUj8mWeCik9t6pv5LU/0M6/29fm2KywtaiXWG/9xFo71/D0v/3ckK6iOl3OQRhQEO9bhQPYDD0e/zPdN8zxWd//42N8yEtdvn+pefLvP9SuBaDPv7kesv/mT7nn+ti/M8VHV64Of5d1+e/bMS8/AFQlw4++81/tmQbbug2/3z809QP9I7e8v9qzD/tzW2hu/zrL2f55w+EunRvlv/mLvO/Yv/3LC//+2L+6W27/dZu818ocVFZWo78vnF6/pfuG38ny/9Qtv+pb8+e93+ZAzUejvnDKBuWcWZ7NSzj/3aS18M4EKfTiTDVc8jHO+m1/Kl+Rfoe2Jltvyj5frvq+L9D8DC4TfnrT9frPx+VcVy+EuOyz8Nk/J+m47HWZrrSMl1t896u13MNDKv31uHzv8Y5bADKIaxA2DQAZbj2sPC12jovfRlebb0/rH7Z6vV6X/v01aFwf/X7/e/30+d+59/v979MPv5vfg2fj/+bp+fj/347S8/H/83Xz8fXy9Pz8X/z93NL+/TmL9Prs+3m4wNPlaTvKkm/oSR9d0n6npL0G0vSbylJv6kk/eaS9OtK0m8NXw+t8vTPlKz/2c7pH7Yu2mn920u2/7mS9PUutUcZ1f2HUZa3z/P5h9GRnv90+vzvKEkHhteFV2cfePA3360ttP+faN4PSc/xDsfpavzt/KM4nT/3Di3T82lvxun3s/RBv98BoyTvPyP/fr+tJB0YXqmel883jKCifSXN/Hlbs9+qGKd+qzpd5zNcPh/jL8T4izG+I8bTMZ6J8WyM961R+VgdD/z6dwdfKBZ/72/L0rutT563B8r7ibqry/Lk9wd6rc+e9+PXq2vNf5nNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPqm0vi7f/9UEcJLb7x45OKfvvar+TmHmkvUGn/HW6aqzfVCuDPGYzG+GF989MFTJ1rjj2NchH2hCEVzfjh6uZnTlhDC+bA3XAq18NxDF8bffe3oO6+EM48fO/L266v3DiwoVjsDAAAA6KP/BwAA//8LwBbF")

37m51.432923592s ago: executing program 1 (id=160):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x2000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x0, 0x7, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8}]}, 0x28}}, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x10, 0x0, &(0x7f0000000140)="259a53d371a76d2673004c6588aa99e5", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000001200)='./bus\x00', 0x2000002, &(0x7f00000001c0)={[{}, {@gid}, {@gid}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@uid}, {@uid}, {@nostrict}, {@anchor={'anchor', 0x3d, 0xf87a}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}]}, 0x1, 0xc46, &(0x7f0000000580)="$eJzs3U9sHNd9B/DfG5LiSm4iJnYUJ42LTVuksmK5+hdTsQp3VdNsA8iyEIq5BeCKXKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcjIYzOxbcUmTEi2K+mN9Pgn13Z15b/a9easZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cv7EyfSgWwEA3E8Xx75+4pT7PwA8Vi77738AAAAAAAAAAAAAAHjYpSjiyUgxd3EtTVTvO2oX2gM3bo6PjG5f7WCqavZV5cuf2slTp8985YXhs9280J65Tf177fPx2tjl8/WXZ6/PzbcWFlpT9fGZ9uTsVGvXR9hr/a2OVSegfv31G1NXry7UTz1/etPum0PvDz5xZOjc8LPHn+mWHR8ZHR3bKFLrLd9/1w3p2GmGx4Eo4nikeO4HP0/NiChi7+eidn/HfquDVSeOVZ0YHxmtOjLdbs4sljsvdU9EEVHvqdTonqPtxyL6B+5rH3bWiFgqm182+FjZvbG55nzzynSrfqk5v9hebM/OXEqd1pb9qUcRZ1PEckSsDn74cANRRH+k+N7htXQlIvq65+HL1cTgndtR7GMfd6FsZ30gYrl4BMbsITYYRbwaKX7xztGYzNeZ6lrzpYhXy/xRxFtlvhSRyi/GmYj3tvke8WjqjyL+shz/c2tpqroedK8rF75R/9rM1dmest3ryke8P3zoSvGA7g8Ht+T98ZBfm2pRRLO64q+lu//DDgAAAAAAAAAAAAAAAAD32sEo4nOR4pX/+JNqXnFU89IPnxv+w6FP9M4Zf/oOxynLPh8RS8Xu5uQeyBMDL6VLKT3gucSPs1oU8ad5/t93HnRjAAAAAAAAAAAAAAAAAAAAHmtF/CxSvPju0bQcvWuKt2eu1S83r0x3VoXtrv3bXTN9fX19vZ462cg5kaqlo9eX8vvlnCs5V3NGkevnbOScyLmUcznnSs7VnNGX6+ds5JzIuZRzOedKztWcZSur+jkbOSdyLuVczrmSczVnPCRr9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfJwUUcQHkeK731pLkSKiETERnVwZfNCtAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKg6mIH0aK+h81bm3rj4hU/b/jaPnLmWgcKPPT0Rgu86VonM/ZrLK/8Z0H0H72ZiAV8dNIMVh7+9aA5/Ef6Ly79TWIt7698e7z/Z3s6+4cen/wiSOHzw2P/sbTO71O2zXg2IX2zI2b9fGR0dGxns39+dM/3bNtKH9ucW+6TkQsvPHm683p6db83b8ovwJ7qP4IvUj9j0tPvaheRP8ej1NexR54L+6y7zwGyvv/e5Hid9/9z+4Nv3P/r8Wvdd7dusPHL/9s4/7/4tYD7fL+37+1Xr7/l/f07e7/T/ZsezH/aWSgP6K2eH1u4EhEbeGNN4+3rzevta61Zs6cOPHV4eGvnj4xcCCidrU93ep5dU9OFwAAAAAAAAAAAAAAAMD9k4r4/UjR/OlaqkfEzWq+1tC54WePP9MXfdV8q03ztl8bu3y+/vLs9bn51sJCa6o+PtOenJ1q7fbjatV0r/GR0X3pzB0d3Of2H6y9PDv3xnz72h8vbrv/UO38lYXF+ebk9rvjYBQRjd4tx6oGj4+MVo2ebjdnqqqXtp1M/9ENpCL+K1JMnqmnL+Ztef7/1hn+m+b/L2090D7N//9Uz7byM1Mq4peR4nf+6un4YtXOQ/Ghc5bL/V2kOHb2C7lcHCjLddvQea5AZ2ZgWfb/IsU/fbC5bHc+5JMbZU/u+sQ+IsrxPxwpfvgX34/fzNs2P/9h+/E/tPVA+zT+T/VsO7TpeQV77jp5/I9HipeefDt+K2+73fM/us/eOJoL33o+xz6N/2d6tg3lz/3te9N1AAAAAAAAAACAR9pAKuLvI8WPR/vTC3nbbv7939TWA+3Tv//6bM+2qXuzXtEdX+z5pAIAAADAQ2IgFfGzSHFt8e1bc6g3z//umf/5exvzP0fSlr3V3/N9snpuwL38+79eQ/lzJ/bebQAAAAAAAAAAAAAAAAAAAHiopFTEC3k99YlqPv/Ujuupr0SKV/7nuVwuHSnLddeBH6p+rV2cnTl+fnp6drK52Lwy3aqPzTUnW2XdpyLF2t9+IdctqvXVu+vNd9Z431iLfT5SjP5Dt2xnLfbu2uRPdcsutU6WZT8VKf77HzeX7a5j/ZmN454qy/5NpPjmv2xf9shG2dNl2e9Hip98s94te6gs230+6mc3yj4/OVvs5jR/8qOPDAAAAAAAAAAAAAAAAAAAAI+TgVTEn0eK/72+fGsuf17/f6DnbeWtb/es97/FzWqd/6Fq/f+dXt/N+v/VcwWWdvpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4eEpRxJuRYu7iWloZLN931C60Z27cHB8Z3b7awVTV7KvKlz+1k6dOn/nKC8Nnu3n7+vfa5+K1scvn6y/PXp+bby0stKbq4zPtydmp1q6PsNf6Wx2rTkD9+us3pq5eXaifev70pt03h94ffOLI0LnhZ48/0yn7ifr4yOjoWE+Z/oGP8HmDt9+ddth+IIr460jx3A9+nn48GFHE3s/FHb47++1g1YljVSfGR0arjky3mzOL5c5L3RNRRNR7KjW65yiP257GYj81IpbK5pcNPlZ2b2yuOd+8Mt2qX2rOL7YX27Mzl1KntWV/6lHE2RSxHBGr23xHBqKI1yPF9w6vpX/N41+dhy9fHPv6iVM7t6PYxz7uQl/Zt4GI5eJ2Y3aH3xTEYBTxz5HiF+8cjX8bjOiPzk98KeLVMn8U8VZ0xjuVX4wzEe85rR8b/VHE/5fjf24tvTNYXg+615UL36h/bebqbE/Z7nXlkb8/xH28mD/k95NaFPGT6oq/lv7d72sAAAAAAAAAAAAAAACAh0gRvx4pXnz3aKrmB9+aU9yeuVa/3Lwy3ZnW1537150zvb6+vl5PnWzknMi5lHM550rO1ZxR5Po5G2XW1tcn8vulnMs5V3Ku5oy+XD9nI+dEzqWcyzlXcq7mjP5cP2cj50TOpZzLOVdyrua8n9MHAQAAAAAAAAAAAAAAAACAx0dR/S/Fd7+1ltYHq/Wl+7r7VqwH+rH3qwAAAP//3v/zCw==")
r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x301)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000200)={0x4000, 0x0, 0x0})
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4c020, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000001c0)=0xf)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
ioctl$TIOCNXCL(r5, 0x540d)
ioctl$FBIOBLANK(r6, 0x4611, 0x0)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)

37m49.934719632s ago: executing program 1 (id=164):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x2000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x0, 0x7, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FLAGS={0x8}]}, 0x28}}, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x10, 0x0, &(0x7f0000000140)="259a53d371a76d2673004c6588aa99e5", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000001200)='./bus\x00', 0x2000002, &(0x7f00000001c0)={[{}, {@gid}, {@gid}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@uid}, {@uid}, {@nostrict}, {@anchor={'anchor', 0x3d, 0xf87a}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}]}, 0x1, 0xc46, &(0x7f0000000580)="$eJzs3U9sHNd9B/DfG5LiSm4iJnYUJ42LTVuksmK5+hdTsQp3VdNsA8iyEIq5BeCKXKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcjIYzOxbcUmTEi2K+mN9Pgn13Z15b/a9easZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cv7EyfSgWwEA3E8Xx75+4pT7PwA8Vi77738AAAAAAAAAAAAAAHjYpSjiyUgxd3EtTVTvO2oX2gM3bo6PjG5f7WCqavZV5cuf2slTp8985YXhs9280J65Tf177fPx2tjl8/WXZ6/PzbcWFlpT9fGZ9uTsVGvXR9hr/a2OVSegfv31G1NXry7UTz1/etPum0PvDz5xZOjc8LPHn+mWHR8ZHR3bKFLrLd9/1w3p2GmGx4Eo4nikeO4HP0/NiChi7+eidn/HfquDVSeOVZ0YHxmtOjLdbs4sljsvdU9EEVHvqdTonqPtxyL6B+5rH3bWiFgqm182+FjZvbG55nzzynSrfqk5v9hebM/OXEqd1pb9qUcRZ1PEckSsDn74cANRRH+k+N7htXQlIvq65+HL1cTgndtR7GMfd6FsZ30gYrl4BMbsITYYRbwaKX7xztGYzNeZ6lrzpYhXy/xRxFtlvhSRyi/GmYj3tvke8WjqjyL+shz/c2tpqroedK8rF75R/9rM1dmest3ryke8P3zoSvGA7g8Ht+T98ZBfm2pRRLO64q+lu//DDgAAAAAAAAAAAAAAAAD32sEo4nOR4pX/+JNqXnFU89IPnxv+w6FP9M4Zf/oOxynLPh8RS8Xu5uQeyBMDL6VLKT3gucSPs1oU8ad5/t93HnRjAAAAAAAAAAAAAAAAAAAAHmtF/CxSvPju0bQcvWuKt2eu1S83r0x3VoXtrv3bXTN9fX19vZ462cg5kaqlo9eX8vvlnCs5V3NGkevnbOScyLmUcznnSs7VnNGX6+ds5JzIuZRzOedKztWcZSur+jkbOSdyLuVczrmSczVnPCRr9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfJwUUcQHkeK731pLkSKiETERnVwZfNCtAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKg6mIH0aK+h81bm3rj4hU/b/jaPnLmWgcKPPT0Rgu86VonM/ZrLK/8Z0H0H72ZiAV8dNIMVh7+9aA5/Ef6Ly79TWIt7698e7z/Z3s6+4cen/wiSOHzw2P/sbTO71O2zXg2IX2zI2b9fGR0dGxns39+dM/3bNtKH9ucW+6TkQsvPHm683p6db83b8ovwJ7qP4IvUj9j0tPvaheRP8ej1NexR54L+6y7zwGyvv/e5Hid9/9z+4Nv3P/r8Wvdd7dusPHL/9s4/7/4tYD7fL+37+1Xr7/l/f07e7/T/ZsezH/aWSgP6K2eH1u4EhEbeGNN4+3rzevta61Zs6cOPHV4eGvnj4xcCCidrU93ep5dU9OFwAAAAAAAAAAAAAAAMD9k4r4/UjR/OlaqkfEzWq+1tC54WePP9MXfdV8q03ztl8bu3y+/vLs9bn51sJCa6o+PtOenJ1q7fbjatV0r/GR0X3pzB0d3Of2H6y9PDv3xnz72h8vbrv/UO38lYXF+ebk9rvjYBQRjd4tx6oGj4+MVo2ebjdnqqqXtp1M/9ENpCL+K1JMnqmnL+Ztef7/1hn+m+b/L2090D7N//9Uz7byM1Mq4peR4nf+6un4YtXOQ/Ghc5bL/V2kOHb2C7lcHCjLddvQea5AZ2ZgWfb/IsU/fbC5bHc+5JMbZU/u+sQ+IsrxPxwpfvgX34/fzNs2P/9h+/E/tPVA+zT+T/VsO7TpeQV77jp5/I9HipeefDt+K2+73fM/us/eOJoL33o+xz6N/2d6tg3lz/3te9N1AAAAAAAAAACAR9pAKuLvI8WPR/vTC3nbbv7939TWA+3Tv//6bM+2qXuzXtEdX+z5pAIAAADAQ2IgFfGzSHFt8e1bc6g3z//umf/5exvzP0fSlr3V3/N9snpuwL38+79eQ/lzJ/bebQAAAAAAAAAAAAAAAAAAAHiopFTEC3k99YlqPv/Ujuupr0SKV/7nuVwuHSnLddeBH6p+rV2cnTl+fnp6drK52Lwy3aqPzTUnW2XdpyLF2t9+IdctqvXVu+vNd9Z431iLfT5SjP5Dt2xnLfbu2uRPdcsutU6WZT8VKf77HzeX7a5j/ZmN454qy/5NpPjmv2xf9shG2dNl2e9Hip98s94te6gs230+6mc3yj4/OVvs5jR/8qOPDAAAAAAAAAAAAAAAAAAAAI+TgVTEn0eK/72+fGsuf17/f6DnbeWtb/es97/FzWqd/6Fq/f+dXt/N+v/VcwWWdvpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4eEpRxJuRYu7iWloZLN931C60Z27cHB8Z3b7awVTV7KvKlz+1k6dOn/nKC8Nnu3n7+vfa5+K1scvn6y/PXp+bby0stKbq4zPtydmp1q6PsNf6Wx2rTkD9+us3pq5eXaifev70pt03h94ffOLI0LnhZ48/0yn7ifr4yOjoWE+Z/oGP8HmDt9+ddth+IIr460jx3A9+nn48GFHE3s/FHb47++1g1YljVSfGR0arjky3mzOL5c5L3RNRRNR7KjW65yiP257GYj81IpbK5pcNPlZ2b2yuOd+8Mt2qX2rOL7YX27Mzl1KntWV/6lHE2RSxHBGr23xHBqKI1yPF9w6vpX/N41+dhy9fHPv6iVM7t6PYxz7uQl/Zt4GI5eJ2Y3aH3xTEYBTxz5HiF+8cjX8bjOiPzk98KeLVMn8U8VZ0xjuVX4wzEe85rR8b/VHE/5fjf24tvTNYXg+615UL36h/bebqbE/Z7nXlkb8/xH28mD/k95NaFPGT6oq/lv7d72sAAAAAAAAAAAAAAACAh0gRvx4pXnz3aKrmB9+aU9yeuVa/3Lwy3ZnW1537150zvb6+vl5PnWzknMi5lHM550rO1ZxR5Po5G2XW1tcn8vulnMs5V3Ku5oy+XD9nI+dEzqWcyzlXcq7mjP5cP2cj50TOpZzLOVdyrua8n9MHAQAAAAAAAAAAAAAAAACAx0dR/S/Fd7+1ltYHq/Wl+7r7VqwH+rH3qwAAAP//3v/zCw==")
r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x301)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000200)={0x4000, 0x0, 0x0})
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4c020, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000001c0)=0xf)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
ioctl$TIOCNXCL(r5, 0x540d)
ioctl$FBIOBLANK(r6, 0x4611, 0x0)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)

37m44.577260558s ago: executing program 1 (id=171):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[], 0x5c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="100029bd7000ffdbdf250e0000003400410908000800060000"], 0x48}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x31384142, 0x4, 0x2, 0x7, 0x3, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, r3, 0x0, 0x578410eb)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=0x0, @ANYBLOB="8218dea5fa7fbd0201f097682fcc062f2d786fb5c6772f3ac9fe9638ee137239a6e49fe3d2011ec1f7816fe63ab275f4047c16ae0abdfb508ffc71c1baf13abb3f8f68871eaa4a63e2a3652cfe345f99e3398f2068b536345d4926d544cc65a310c02daab0f23df890b1f7533b63e47c63f98595dd3aa7e86361f4dbeca4ffffffffffffd019fee270d9a54c63e603045673deb8fa574a7431a8b4f5d006c2d400a1c50d22c7b45798bc5f10d2e6ebf1cea5abf5bade9ef133d10ef71f8f1f24e4d35852485fb929d7cf3ed32975e38439a7d0dbb8cc38e2d892728fba7eec80394ef443e0c92e"], 0x1c}}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, 0x0)

37m37.770798007s ago: executing program 1 (id=178):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[], 0x5c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="100029bd7000ffdbdf250e0000003400410908000800060000"], 0x48}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x31384142, 0x4, 0x2, 0x7, 0x3, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, r3, 0x0, 0x578410eb)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=0x0, @ANYBLOB="8218dea5fa7fbd0201f097682fcc062f2d786fb5c6772f3ac9fe9638ee137239a6e49fe3d2011ec1f7816fe63ab275f4047c16ae0abdfb508ffc71c1baf13abb3f8f68871eaa4a63e2a3652cfe345f99e3398f2068b536345d4926d544cc65a310c02daab0f23df890b1f7533b63e47c63f98595dd3aa7e86361f4dbeca4ffffffffffffd019fee270d9a54c63e603045673deb8fa574a7431a8b4f5d006c2d400a1c50d22c7b45798bc5f10d2e6ebf1cea5abf5bade9ef133d10ef71f8f1f24e4d35852485fb929d7cf3ed32975e38439a7d0dbb8cc38e2d892728fba7eec80394ef443e0c92e"], 0x1c}}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, 0x0)

37m29.749229895s ago: executing program 1 (id=187):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000340)={0x2000, r4}, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)

37m27.88153594s ago: executing program 1 (id=189):
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000040)=""/9, 0x9)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'gre0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x700, 0x8, 0x0, 0x5, {{0xa, 0x4, 0x1, 0x2e, 0x28, 0x65, 0x0, 0x33, 0x2f, 0x0, @multicast1, @private=0xa010102, {[@timestamp_prespec={0x44, 0x4, 0xd2, 0x3, 0xc}, @ssrr={0x89, 0x3, 0x1c}, @timestamp={0x44, 0x4, 0xc3, 0x0, 0x4}, @timestamp={0x44, 0x8, 0xf4, 0x0, 0x7, [0x8776]}]}}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, &(0x7f0000000040)=0xffffffff, 0x4)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

37m11.65280797s ago: executing program 33 (id=189):
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000040)=""/9, 0x9)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'gre0\x00', &(0x7f00000001c0)={'ip_vti0\x00', 0x0, 0x700, 0x8, 0x0, 0x5, {{0xa, 0x4, 0x1, 0x2e, 0x28, 0x65, 0x0, 0x33, 0x2f, 0x0, @multicast1, @private=0xa010102, {[@timestamp_prespec={0x44, 0x4, 0xd2, 0x3, 0xc}, @ssrr={0x89, 0x3, 0x1c}, @timestamp={0x44, 0x4, 0xc3, 0x0, 0x4}, @timestamp={0x44, 0x8, 0xf4, 0x0, 0x7, [0x8776]}]}}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, &(0x7f0000000040)=0xffffffff, 0x4)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

24m38.585087156s ago: executing program 3 (id=2089):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000002900), r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x5, &(0x7f0000000100)={0x0, 0x8de3, 0x10310, 0x1, 0x4004a, 0x0, r3}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000400)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x2}}, 0x2e)
close(r7)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r7, 0x40047459, 0x0)
r10 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r10, 0xc0045005, &(0x7f0000000140)=0x2000)
openat$sndseq(0xffffff9c, &(0x7f0000000240), 0x101000)
write$dsp(r10, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{r10, 0x9620}], 0x1, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
syz_open_dev$vim2m(0x0, 0x7fffffff, 0x2)

24m36.614249732s ago: executing program 3 (id=2093):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="01"], 0x48}}, 0x20000000)

24m35.781524612s ago: executing program 3 (id=2095):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_int(r3, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{}, 0x0, 0x0}, 0x20)
recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0xeb8, 0x30, 0xb, 0x0, 0x0, {}, [{0xea4, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe58, 0x2, 0x0, 0x0, {{0xa}, {0xe2c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x9, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x400}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1000000}, {}, {}, {0x0, 0x800, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x400000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1}, {0x0, 0x3}, {0x0, 0x0, 0x3}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x8, 0x5, 0x0, 0x1, [{0x4}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb8}}, 0x4000)
readv(0xffffffffffffffff, 0x0, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000140)={0x2a, 0x3, 0x7fff}, 0xc)
r5 = fsopen(&(0x7f0000000040)='binder\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
close(r5)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r6, 0x10c, 0x4, &(0x7f0000000180)=0x8, 0x4)
mount$fuse(0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000004c00)=ANY=[@ANYBLOB="040100001a0007000000000000000000fe80000000000000000000000000001be0000002000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000000000000000000b4000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a0002007000000014000e"], 0x104}}, 0x0)

24m27.38222108s ago: executing program 3 (id=2110):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)

24m26.375901079s ago: executing program 3 (id=2114):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000005d80)={0x0, @l2tp={0x2, 0x0, @loopback}, @nl=@kern={0x10, 0x0, 0x0, 0x40000}, @nfc={0x27, 0x0, 0x1, 0x3}, 0xf28, 0x0, 0x0, 0x0, 0x708d, 0x0, 0x100, 0x4, 0x3})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r3}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_setup(0x8, &(0x7f0000000680)=<r6=>0x0)
io_pgetevents(r6, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = gettid()
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d4c9ff806c388d4195ccbe13bec711f6e0e95ade9073a09b0ac4205c195939fe20", @ANYRES16=r10, @ANYBLOB="010000000000000000000c000000180001801400020073797a5f74756e00000000000000000014000380100003800c0001800800010000400000"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0)
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000000380))
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000001440), 0x0)
r11 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read$qrtrtun(r11, 0x0, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)

24m24.164306509s ago: executing program 3 (id=2123):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x21, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000500)="9a161709c58230e35c57dd6d2cea14e8b9428208af0b68a2f92a8529833b4a38acc6b8f1b26db22644bbbee704fa68b86fc9d894418e31e4f2b10238817e82a8814a2a13f5e66dd538365c0e97742bbd7c058028cb4c4ef1c9ad52293f25a1f41700fcaececc01bed0ba0bfd64bd29183abc802328630068f363c6d725cea6074772ba71309e4de050ac654fa5e9bfb2b0f088c66993f5a3216dcbbf06cb38c7c59a02e09f2ecb1a96e22c58cb276eb636dfe70afc6c086fd6a10f8c701e62d684c6710c058ff788a45acec37af64c", &(0x7f00000000c0)=@tcp=r2, 0x4}, 0x1c)
bind$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x40094)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x1, 0x1000, 0x4000, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sync_file_range(r0, 0xffffffffffffa525, 0x7, 0x3)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

24m8.957460601s ago: executing program 34 (id=2123):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x21, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000500)="9a161709c58230e35c57dd6d2cea14e8b9428208af0b68a2f92a8529833b4a38acc6b8f1b26db22644bbbee704fa68b86fc9d894418e31e4f2b10238817e82a8814a2a13f5e66dd538365c0e97742bbd7c058028cb4c4ef1c9ad52293f25a1f41700fcaececc01bed0ba0bfd64bd29183abc802328630068f363c6d725cea6074772ba71309e4de050ac654fa5e9bfb2b0f088c66993f5a3216dcbbf06cb38c7c59a02e09f2ecb1a96e22c58cb276eb636dfe70afc6c086fd6a10f8c701e62d684c6710c058ff788a45acec37af64c", &(0x7f00000000c0)=@tcp=r2, 0x4}, 0x1c)
bind$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x40094)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x1, 0x1000, 0x4000, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sync_file_range(r0, 0xffffffffffffa525, 0x7, 0x3)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

23m29.992162077s ago: executing program 5 (id=2235):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={r0, 0xfffffffffffffff8, 0x1, 0x100000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@broadcast, @random="17043a73dbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @empty=0xac1414aa}}}}}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000)
getsockname$packet(r4, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004090)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2)
socket$inet(0x2, 0x4000000805, 0x0)
syz_open_dev$vim2m(0x0, 0x9, 0x2)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
ioctl$VIDIOC_DQEVENT(r5, 0x80885659, &(0x7f0000000240)={0x0, @src_change})
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})
r7 = syz_io_uring_setup(0x111, &(0x7f0000000b00)={0x0, 0x35da, 0x2, 0x7, 0x367}, &(0x7f0000000140)=<r8=>0x0, &(0x7f0000000400))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r7, 0x66a8, 0x4000, 0xf, 0x0, 0x18)

23m24.198398707s ago: executing program 5 (id=2244):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000280)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f00000001c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

23m19.765226572s ago: executing program 5 (id=2251):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000001540)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x4004010)

23m18.376405348s ago: executing program 5 (id=2256):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000300)={0xb0000000, 0x6, 0x6, 0x8}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0xb1, 0xc, 0x77, 0xfffff024}, {0x6, 0x0, 0x0, 0x2}]}, 0x8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x48, 0x30, 0xffff, 0x0, 0x0, {}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x48}}, 0x0)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)

23m12.671772029s ago: executing program 5 (id=2271):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r1, r2, 0x26, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000400)=r3, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f00000002c0)=r3, 0x4)

23m11.636240926s ago: executing program 5 (id=2273):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f00000003c0)={0x8, 0x1000, "88ccc5daf80cd6a4471030967393bca9378705edf628163e", {0x7, 0x2}, 0x800})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
syz_open_dev$dri(&(0x7f0000000340), 0x4, 0x20000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0xffffffff}, {0x6}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000180)={0xf0f015, 0x4})
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d", 0x8)
sendto$inet6(r6, &(0x7f0000000080)="255b2a20f709b4a43a1307c620044218fe1f90c892edda55948fc95472faf2", 0x1f, 0x800, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x4e24, 0x4, @mcast2, 0x4}}, {{0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3fe000}}}, 0x108)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000280)={0x0, {{0xa, 0x4e20, 0x4, @mcast2}}, {{0xa, 0x4e24, 0x9, @private2, 0x5}}}, 0x104)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="5f00000000003df150d0555f86dd60d2339600103afffe80000000000000000000000000e5d8e8528b535f890b00000000"], 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})

22m56.42096997s ago: executing program 35 (id=2273):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f00000003c0)={0x8, 0x1000, "88ccc5daf80cd6a4471030967393bca9378705edf628163e", {0x7, 0x2}, 0x800})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
syz_open_dev$dri(&(0x7f0000000340), 0x4, 0x20000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0xffffffff}, {0x6}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000180)={0xf0f015, 0x4})
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d", 0x8)
sendto$inet6(r6, &(0x7f0000000080)="255b2a20f709b4a43a1307c620044218fe1f90c892edda55948fc95472faf2", 0x1f, 0x800, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x4e24, 0x4, @mcast2, 0x4}}, {{0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3fe000}}}, 0x108)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000280)={0x0, {{0xa, 0x4e20, 0x4, @mcast2}}, {{0xa, 0x4e24, 0x9, @private2, 0x5}}}, 0x104)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="5f00000000003df150d0555f86dd60d2339600103afffe80000000000000000000000000e5d8e8528b535f890b00000000"], 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})

9m34.243683698s ago: executing program 4 (id=5217):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r0}, 0x9)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)

9m33.965018336s ago: executing program 4 (id=5220):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = gettid()
sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000018"], 0xa0}, 0x4004881)

9m33.669246917s ago: executing program 4 (id=5222):
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000040)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

9m33.331360662s ago: executing program 4 (id=5227):
r0 = socket$rds(0x15, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$rds(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@rdma_map={0x30, 0x10c, 0x3, {{0x0}, 0x0, 0x19}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x6}}], 0x60, 0x45}, 0x0)

9m32.986479599s ago: executing program 4 (id=5232):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r0}, 0x9)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)

9m31.342578719s ago: executing program 4 (id=5235):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYRESHEX=0x0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)
io_uring_register$IORING_UNREGISTER_RING_FDS(r2, 0x15, &(0x7f0000005140)=[{0x4, 0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000e80)=""/246, 0xf6}, {&(0x7f0000000f80)=""/239, 0xef}, {&(0x7f0000001080)=""/218, 0xda}, {&(0x7f0000001180)=""/195, 0xc3}], &(0x7f0000000500)=[0x8, 0xaf, 0xd5e8]}, {0x4, 0x1, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/126, 0x7e}, {&(0x7f0000001280)=""/75, 0x4b}, {&(0x7f0000001300)=""/239, 0xef}, {&(0x7f0000001400)=""/129, 0x81}], &(0x7f00000014c0)=[0x679, 0x7, 0x2, 0x5, 0x8000, 0x0, 0x80]}, {0x4, 0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/104, 0x68}, {&(0x7f0000002580)=""/66, 0x42}, {&(0x7f0000002600)=""/176, 0xb0}], &(0x7f0000002700)=[0xfff, 0x869c, 0x6, 0x8, 0x4040000000, 0xc19, 0x2, 0x5, 0x425c]}, {0x1, 0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000002780)=""/8, 0x8}], &(0x7f0000002800)=[0x6, 0x7fff, 0x3ff]}, {0x2, 0x1, 0x0, &(0x7f00000029c0)=[{&(0x7f0000002840)=""/248, 0xf8}, {&(0x7f0000002940)=""/74, 0x4a}], &(0x7f0000002a00)=[0xc, 0x100, 0x80, 0x7, 0x8000000000000000, 0x7]}, {0x2, 0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/248, 0xf8}, {&(0x7f0000002b40)=""/23, 0x17}], &(0x7f0000002bc0)=[0x1, 0x294, 0x2, 0x8, 0x9, 0x6, 0xfffffffffffeffff, 0x3]}, {0x8, 0x0, 0x0, &(0x7f0000005040)=[{&(0x7f0000002c00)=""/133, 0x85}, {&(0x7f0000002cc0)=""/224, 0xe0}, {&(0x7f0000002dc0)=""/4096, 0x1000}, {&(0x7f0000003dc0)=""/104, 0x68}, {&(0x7f0000003e40)}, {&(0x7f0000003e80)=""/180, 0xb4}, {&(0x7f0000003f40)=""/4096, 0x1000}, {&(0x7f0000004f40)=""/194, 0xc2}], &(0x7f00000050c0)=[0x2, 0x7fffffff, 0xffffffffffffffff, 0x7e8, 0x3, 0x4, 0x400, 0xffffffffffff7fff, 0xa19c, 0x5]}], 0x7)
prlimit64(0x0, 0x8, &(0x7f0000000000)={0xfffffffffffffffb, 0xfffffffffffffffc}, 0x0)
getrlimit(0x8, &(0x7f0000000b40))
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1a, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095", @ANYRES16=r2, @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0c0100001000130428bd700000000000e0000001000000000000000000000000ff0200000000000000000000000000014e2100004e2400000200202000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000f30000000001000000003cf87af4cc53c7bf418f4e77ad34c80000000a0101000000000000000000000000000400000000000000060000000000000000000000000000000400000000004000ffffffffffffffff03000000000000007f00000000000000000000000000000000000000000000000000000001000000cc000000000000000000000000000000f60000000000000000000000000000000000001c00040002004e21002700"/196], 0x10c}}, 0x804)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
clock_gettime(0x1, &(0x7f0000000000)={<r7=>0x0, <r8=>0x0})
clock_settime(0x0, &(0x7f0000000040)={r7, r8+10000000})
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4c900000ea5d7ead9870d9c3afeda3fef5148380481c876cd402eec1447634a7e4d179891852423c4134ce0d4782f4963510d89e8e3bcb6579c2174c457a2a", @ANYRES16=0x0, @ANYBLOB="080428bd7000fddbdf250e000000080004000000800030000280080003000100000006000f009400000014000100ffffffff0000000000000000000000000800050008000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4400}, 0x90)
open$dir(&(0x7f0000000080)='./file0\x00', 0x804000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x0, 0x0, 0x100000, 0x400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000, 0x0, 0x200000000000000}, 0x50)

9m15.827862316s ago: executing program 36 (id=5235):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYRESHEX=0x0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)
io_uring_register$IORING_UNREGISTER_RING_FDS(r2, 0x15, &(0x7f0000005140)=[{0x4, 0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000e80)=""/246, 0xf6}, {&(0x7f0000000f80)=""/239, 0xef}, {&(0x7f0000001080)=""/218, 0xda}, {&(0x7f0000001180)=""/195, 0xc3}], &(0x7f0000000500)=[0x8, 0xaf, 0xd5e8]}, {0x4, 0x1, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/126, 0x7e}, {&(0x7f0000001280)=""/75, 0x4b}, {&(0x7f0000001300)=""/239, 0xef}, {&(0x7f0000001400)=""/129, 0x81}], &(0x7f00000014c0)=[0x679, 0x7, 0x2, 0x5, 0x8000, 0x0, 0x80]}, {0x4, 0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/104, 0x68}, {&(0x7f0000002580)=""/66, 0x42}, {&(0x7f0000002600)=""/176, 0xb0}], &(0x7f0000002700)=[0xfff, 0x869c, 0x6, 0x8, 0x4040000000, 0xc19, 0x2, 0x5, 0x425c]}, {0x1, 0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000002780)=""/8, 0x8}], &(0x7f0000002800)=[0x6, 0x7fff, 0x3ff]}, {0x2, 0x1, 0x0, &(0x7f00000029c0)=[{&(0x7f0000002840)=""/248, 0xf8}, {&(0x7f0000002940)=""/74, 0x4a}], &(0x7f0000002a00)=[0xc, 0x100, 0x80, 0x7, 0x8000000000000000, 0x7]}, {0x2, 0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000002a40)=""/248, 0xf8}, {&(0x7f0000002b40)=""/23, 0x17}], &(0x7f0000002bc0)=[0x1, 0x294, 0x2, 0x8, 0x9, 0x6, 0xfffffffffffeffff, 0x3]}, {0x8, 0x0, 0x0, &(0x7f0000005040)=[{&(0x7f0000002c00)=""/133, 0x85}, {&(0x7f0000002cc0)=""/224, 0xe0}, {&(0x7f0000002dc0)=""/4096, 0x1000}, {&(0x7f0000003dc0)=""/104, 0x68}, {&(0x7f0000003e40)}, {&(0x7f0000003e80)=""/180, 0xb4}, {&(0x7f0000003f40)=""/4096, 0x1000}, {&(0x7f0000004f40)=""/194, 0xc2}], &(0x7f00000050c0)=[0x2, 0x7fffffff, 0xffffffffffffffff, 0x7e8, 0x3, 0x4, 0x400, 0xffffffffffff7fff, 0xa19c, 0x5]}], 0x7)
prlimit64(0x0, 0x8, &(0x7f0000000000)={0xfffffffffffffffb, 0xfffffffffffffffc}, 0x0)
getrlimit(0x8, &(0x7f0000000b40))
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1a, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095", @ANYRES16=r2, @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0c0100001000130428bd700000000000e0000001000000000000000000000000ff0200000000000000000000000000014e2100004e2400000200202000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000f30000000001000000003cf87af4cc53c7bf418f4e77ad34c80000000a0101000000000000000000000000000400000000000000060000000000000000000000000000000400000000004000ffffffffffffffff03000000000000007f00000000000000000000000000000000000000000000000000000001000000cc000000000000000000000000000000f60000000000000000000000000000000000001c00040002004e21002700"/196], 0x10c}}, 0x804)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
clock_gettime(0x1, &(0x7f0000000000)={<r7=>0x0, <r8=>0x0})
clock_settime(0x0, &(0x7f0000000040)={r7, r8+10000000})
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4c900000ea5d7ead9870d9c3afeda3fef5148380481c876cd402eec1447634a7e4d179891852423c4134ce0d4782f4963510d89e8e3bcb6579c2174c457a2a", @ANYRES16=0x0, @ANYBLOB="080428bd7000fddbdf250e000000080004000000800030000280080003000100000006000f009400000014000100ffffffff0000000000000000000000000800050008000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4400}, 0x90)
open$dir(&(0x7f0000000080)='./file0\x00', 0x804000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x0, 0x0, 0x100000, 0x400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000, 0x0, 0x200000000000000}, 0x50)

10.112430309s ago: executing program 7 (id=8373):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={0x0}}, 0x0)

9.810728763s ago: executing program 7 (id=8378):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = syz_pidfd_open(0x0, 0x0)
pidfd_send_signal(r2, 0x37, &(0x7f00000003c0)={0x16, 0x3, 0x101}, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
keyctl$restrict_keyring(0xa, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000480)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@delalloc}, {@dioread_lock}]}, 0x67, 0x52b, &(0x7f0000000a00)="$eJzs3V9rLGcZAPBnNrvHk3NymlS90IK12krOQc9u0tg2eFEriF4V1HpfY7IJIZtsyG7ak1BMDn4AQUQFr/TGG8EPIEjBGy9FKOi1oqKInuqFF9qR2Z1Nc5L913aTTZPfDybzvjPvzPO8G2Z2ZmeYCeDKeiIiXoiIt9I0vRMR0/n0Qj7EYXvI2r354LXlbEgiTV/6RxJJPq2zriQf38wXux4RX/tyxDeT03Ebe/sbS7VadSevV5qb25XG3v7d9c2ltepadWthYf7ZxecWn1mcG0k/b0XE81/8y/e/89MvPf/Lz7z6x5f/dvtbWVpT+fzj/XiHiv1mtrtean0WxxfYeZfBLqJiq4e5yW4tJk5NuX/GOQEA0F12jP/BiPhkRNyJ6ZjofzgLAAAAvA+ln5+K/yYRaXfXekwHAAAA3kcKrXtgk0I5vxdgKgqFcrl9D++H40ahVm80P71a391aad8rOxOlwup6rTqX3ys8E6Ukq8+3ym/Xnz5RX4iIRyPie9OTrXp5uV5bGfePHwAAAHBF3Dxx/v/v6fb5f8fBOJMDAAAARmdm3AkAAAAAZ27Y8/8bZ5wHAAAAcHZc/wcAAIBL7SsvvpgNaef91yuv7O1u1F+5u1JtbJQ3d5fLy/Wd7fJavb7Wembf5qD11er17c/G1u69SrPaaFYae9djs7671Xx5/aFXYAMAAADn6NGPv/77JCIOPzfZGjLXhlt0yGbARVU8KiX5uMtm/YdH2uM/n1NSwLmYGHcCwNgUx50AMDalcScAjF0yYH7Pm3d+k48/Mdp8AACA0Zv9aO/r/4W+Sx72nw1ceDZiuLpc/4erq3X9f9g7eR0swKVSGnQE0HebPxhxNsA4vOfr/wOl6TtKCAAAGLmp1pAUysVOvVAolyNutV4LUEpW12vVuYh4JCJ+N136QFafb7VMBp4zAAAAAAAAAAAAAAAAAAAAAAAAAABtaZpECgAAAFxqEYW/Jr9qP8t/dvqpqZO/D1xL/jMd+StCX/3RSz+4t9Rs7sxn0/95NL35w3z60+P4BQMAAACuhAEv8H9Y5zy9cx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP05oPXljvDecb9+xciYqZb/GJcb42vRykibvwrieKx5ZKImBhB/Mnsz0e6xU+ytI5Cdos/OYL4h/f7xo/D/FPoFv/mCOLDVfZ6tv95odv2V4gnWuPu218x4qH6u9V7/xdH+7+JHtv/rSFjPPbGzys949+PeKx4Kv5BFqETP+kR/8kh43/j6/v7vealP46Y7fr9k3SaZHvIqDQ3tyuNvf2765tLa9W16tbCwvyzi88tPrM4V1ldr1Xzv11jfPdjv3irX/9v9Ig/M6D/T51a27WuMf73xr0HH2oXS93i336yS/xf/yRvcTp+If/u+1RezubPdsqH7fJxj//st4/36/9Kj/4P+v/f7rXSE+589dt/GrIpAHAOGnv7G0u1WnXn0hays/QhG2dHZxciZ4XzKRyMdIVpmqbZNvUe1pPERfhYWoVx75kAAIBRe/ugf9yZAAAAAAAAAAAAAAAAAAAAwNV1Ho8TOxnz8KiUjOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/H/AAAA///s19ky")
r3 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r4, &(0x7f0000000440)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x0, 0x3a, 'usrjquota=', 0x3a, '', 0x3a, './file2', 0x3a, [0x46]}, 0x32)
unshare(0x22020600)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="51bf70c7e7e7d5e8cbe8dc2995a12e180300000000000000000000fa0000001811000046939f13b3060bc1b4b01e98a2fcd368b5618e1840cc485ecd92234ab9e8b299de45fc7bad3e43a4a5da62e8002f8e438223d000d5392fccd4a5f5266436d5424f7823", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SDTEFACILITIES(r7, 0x89eb, &(0x7f00000002c0)={0x1, 0xfd34, 0xc29c, 0x1, 0xf9, 0x1a, 0x1a, "931f96eeac346ba0c0a27b386a562ee616f59c36", "86efda90380f8f5a9eef7794662227c28cd98a1d"})
pivot_root(&(0x7f00000001c0)='.\x00', &(0x7f0000002080)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000240)=0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, 0x0, {0xf000, 0xffff}, {}, {0x7, 0x8}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x6, 0x1, {0x0, 0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
ptrace$getsig(0x4202, 0x0, 0xcc43, &(0x7f0000000340))

9.184516495s ago: executing program 2 (id=8383):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
dup(r0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000300), 0x0, 0x0)

8.140367019s ago: executing program 6 (id=8385):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
msgget(0x1, 0x2b0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64])
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_ifreq(r4, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue})
shutdown(0xffffffffffffffff, 0x1)
fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x1)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
sync()
r6 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)

7.955126791s ago: executing program 2 (id=8387):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r2=>r0, {0xee01, 0xffffffffffffffff}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'batadv0\x00', <r3=>0x0})
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000480)={0xa, 0x4e24, 0x8000, @local, 0x2}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000640)="c9c59e6712f9caa1ef0232f298fa18228fbad10390c1c8a75b69ff281d3009fef67b45548d5a35554a053ebff3ec3e7afa1b05efd2d0ca6b21f9f5234a5cced22eaa1fd9ee05c2c4177fbf5a9d2edf", 0x4f}, {&(0x7f0000000900)="2bc6555380752e35ae5f6a3beb33178a8d4319027266798da626c66401848523493688f34b3c651710dc8abc7c6bf1c97c5aec68adc95afa598618ecd834732f33076278215a00acdfeec6a5dae50305cbb5e2db9754892dbdf330f158318318dbfaa0b6735bd1336dcce199f22cdb", 0x6f}, {&(0x7f0000000a00)="b31281dbef1a2e5cda5fcdc816db952461b388042ac341ae1f0802b7730d8305dce70273b925c9aed4ce7e3c0497af8473f2ec835b786f5a1879e5ebff482feb11faa182d6ab56da92ae21e82f1105f182bf0c6f64f2c56fd0d395adfa5d4a136ba9633c97a14b0dc95081a9e335ed8998d228b4d731a6fb3512ffa9873583b8c52cecfa2106f6cb9b6ace19fb9dfe90821d78ee9fb0484e7290f5d05b00f3984403096479e9c02af9ccb53abaf19ce9cace7cc863ac956f746fac35676b7906f86390ef4e", 0xc5}], 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="1400000000000000290000004304000054f0ffff0000000024000000000000fe8000000000000000000000000000bb000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000014000000000000002900000043000000ff00000000000000"], 0x58}, 0x20000080)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0d00000006000000040000000100000000000000", @ANYRES32=r4, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000019b33a56a77cc579a940b7b52e3d6254b8009b0aaaace79ad66dac755e6eea642ce156713f591417b69b8f17a5ae3813ebc34871577eaeead3fa"], 0x50)
close(r4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4000000010"], 0x40}, 0x1, 0x0, 0x0, 0x4040080}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b80440001800c000100636f756e746572"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sys_enter\x00'}, 0x18)
lsm_set_self_attr(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
acct(&(0x7f00000121c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, 0x0, 0x20050800)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r5}, 0x0, &(0x7f0000000880)=r4}, 0x20)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x9, 0x80, 0x0, 0x0, 0x101, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

6.514303204s ago: executing program 0 (id=8389):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
rt_sigpending(0x0, 0x0)
dup(r0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
request_key(&(0x7f0000000040)='user\x00', 0x0, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(0x0, r1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000780), 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0900000001000000e27f0000010000"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r3}, 0x38)

6.494483559s ago: executing program 7 (id=8390):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={0x0}}, 0x0)

5.928345127s ago: executing program 8 (id=8391):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1d9)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000300), 0x382, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0), 0x401, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b39326d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)

5.765336444s ago: executing program 7 (id=8392):
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000280)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2810, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x7, 0x2f, 0x0, @empty, @multicast1}}}})

5.605666894s ago: executing program 9 (id=8393):
r0 = epoll_create1(0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
epoll_pwait2(r0, &(0x7f0000000080)=[{}], 0x1, &(0x7f0000000100)={0x0, 0x989680}, 0x0, 0x0)

5.384337718s ago: executing program 8 (id=8394):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008"], 0x64}}, 0x0)

5.089648091s ago: executing program 7 (id=8395):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xe, 0x16, &(0x7f0000000e00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x4082, &(0x7f0000000380)=<r0=>0x0)
syz_io_uring_setup(0x100293f, &(0x7f0000001400)={0x0, 0x2000004, 0x10, 0xfffffffc}, &(0x7f0000000080), &(0x7f00000014c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r3, @ANYBLOB="0800c300741300000800c4"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@alu={0x7, 0x0, 0xc, 0x7, 0x0, 0x20, 0x19}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x21, &(0x7f0000000300)=""/33, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r5 = socket(0x10, 0x803, 0x0)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000000), &(0x7f0000000180)={'enc=', 'oaep', ' hash=', {'sha512-arm64\x00'}}, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="700200000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000004402038040020080080003400000000234020180100002800900020073797a3200000000240002800800034000000001080003400000000308000180fffffffc080003400000000429000100"], 0x270}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
bind$can_raw(r5, &(0x7f00000000c0), 0x10)
io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10)
unshare(0x22020600)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x2400, @rand_addr=0x64010101}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000240)="1e217b53eb21", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000810b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000040)

4.846495307s ago: executing program 9 (id=8396):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

4.790975722s ago: executing program 0 (id=8397):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x2, 0x0, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r3, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r1}, 0x20)
sendmmsg$inet6(r1, &(0x7f0000008c00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1}}], 0x1, 0x20004810)
close(r0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
sendmsg$inet6(r4, &(0x7f0000000640)={&(0x7f0000000340)={0xa, 0x4e21, 0x6, @dev={0xfe, 0x80, '\x00', 0x15}}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000003c0)="c24dd8f346fab6a104967e7ab68da3d07287b049d9f6c0042af38f29683c640631f777523f17502ffda23d8a987c3c37b826406fca3a19e78141a74dc63d9299a2c7f5ebe53d912ee3393aba7c30f36792040a41ba516ad99b1f57aa6deeb929c0cd1eb7f0b1204c4e90361dad8611d015f027207b0428f1b0770381c4a2b40b1083886bdb44f308cdf9004917e2c82769f9b31f185edf05e6003da283f2338ec51bd40bcc2a3be484ff3488a3b101f0d60c1974ebd6fbde2c0ac8bc58fa8e896c30b98f", 0xc4}, {&(0x7f0000000580)="1e43e787c45ccf02b98e80dcba44f5bca1dc53b3907866367f966232a1ffdfc1abe175a58c8904b43972a0fda5c39de851188d97eddfa5ebfd963d03a007c125c333a6526a76ff0c0f52736f26249317952d9f3f7138e4dd92576f1103467b0ab8ad414393c578a43009f40886c4e9127db6e7acd38647ef9df9a794bf28a9072a36b6bbc0e3be28e4c1aeda79e9d2ad8e432c867223cb0f8b49ac0f79636113b7582e8f5f6acbc3d65564eac007f2139fad5a2133c989ca06", 0xb9}, {&(0x7f0000000740)="040ff50005c48b78c252c453ad424db0c7f8a90d5558f5230a5a687e0b78c4e6ffa5ed198a109548bc31094272829441a8ab650e684ec1feda771648e9633be4748c65945530fdcf4e8b407715f7f63eddfcf866593fca58ab116a7ae04decf3c0", 0x61}], 0x3, &(0x7f0000001b00)=[@rthdrdstopts={{0x140, 0x29, 0x37, {0x2e, 0x24, '\x00', [@enc_lim={0x4, 0x1, 0x7}, @ra={0x5, 0x2, 0xfff7}, @pad1, @pad1, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @ra={0x5, 0x2, 0x8000}, @calipso={0x7, 0x18, {0x2, 0x4, 0x8, 0x7, [0x100000000, 0x4]}}, @generic={0x7, 0xe4, "5ef6743838960489d8f08e93b0a03b4ed0110f8206a15110c6b4a96840b5abeb320340a14b3259cbb15df885dfab6189e75dda8a5b6078b45744cd337e94f03f4b879880611922f00133533f13708eda92e3da000c0c1f14420e5702439052dc6447cf2bfcbda9c7eb314b3b3d45366414e97039d7faa36ebb81589ce75a2216a0f7f86f686046ef59e3f38e8bd9b915a5d76ef10f28f21c313f1922f4b2bf3e67f19eb292facdb1333e909f1f761cc8df6afeb8f7b649caa5533db7e10f3a361475b4435e74bcd8d154bef0b40078a011d55ea0c1c7b48b34a0506333df22de58f3f124"}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x90bf}}, @hopopts_2292={{0x1b8, 0x29, 0x36, {0x1, 0x34, '\x00', [@jumbo={0xc2, 0x4, 0xe5f}, @calipso={0x7, 0x38, {0x3, 0xc, 0x1, 0x1, [0x3ff, 0xc, 0x8d6, 0x8, 0x101, 0x8]}}, @pad1, @enc_lim, @generic={0x6, 0x6c, "6b5eb719b9a8342b8fa8619c8f6b5579ba1cd046f5d15944ed8ed5494759c330455929764a6ed90ce50aa8c000b2f9389f52a4a0bf7599944fe7db11d3a822b82f39f24a16b45b7f4e772555ad635f37c4ec7e28ea729a992b98ee364d6558ad4998ad4c3a9d4334f5f2c362"}, @pad1, @ra={0x5, 0x2, 0x9}, @generic={0x3, 0xe3, "8f311d017afe3af23224829a302cfecc0c856a949e187a7e3fdf6926c5feca4e924493af5ce4d81b3bdbc7ebc08e2529419d20561751a3048bbd3bc77e1ad9e3ec12edc4c195d6a66c078fc3679eba2ddd8236cf4e9bf6cc29830982e017e37797bc74a9575ef05dc17bc0bd8013faba487025c0db633dddc453079907ccee14b3086c8e67a272073a30637a52648f551e543aab467ead499cd369aef5aebdaad529ce9332fb0188a985f6b5b73b62c60ddf4ce39b21d4edd91685bda91ef48dae6152c2c0ed49bae4556b60cc988f8927442c73d41628bfd1f5783d43dd280280b526"}]}}}, @dstopts={{0xf8, 0x29, 0x37, {0x73, 0x1b, '\x00', [@ra={0x5, 0x2, 0xd}, @generic={0x9, 0xd8, "c1bdc877d517d0f3d06fd058a729caf824b7d37aee89c3eae04cdbe4ecab4a762f775be6af1a9c37a30728d8501f71166599017fc6bdf739b7f38b830940d867a71494dd9097fd16386a8f3c87566bc5f83d7c7a2f6fb98b76e7e09ff8ff2576c5e22357a2d29d732594cb0175a1d9adad39be409655cc27d50b794c7aac1ce112c1f361cf55729b7c0f25b0f57cb3a111a476e5f2fabe1311ef6de76b7a21618357a1a57a2d4e65a99a6825801f769b0707d50952afd97e6b715f15e6463403b465821e7fd7e0b1772e48fefcb73eeaf4ac82d097c3dc14"}]}}}, @hopopts={{0x158, 0x29, 0x36, {0x62, 0x27, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x8}, @generic={0x1, 0xdf, "33cd42787a2aa3cdec3fc591eb0b9fd3d34cd715ce15209f74f60d60a913a09bb30a13222f96d55ce0bf91f4826909f7f9cd6bb79a5168c9d565d5bd886f9414269e948de3d3da34263ff1e50767609c3c9e9901d8349bab5fab2d861d4c38cca1ed24a24458c8d3835b60c87ccfaab07d37924696c7be6dee5348bc93e85b9d32f2589a477d5483a19ea9f88f29691aef20188d175f843e60a45f6b69bbd63153c858bcdaadb4f0f57fb3399c653d0198803e5e4c6cf4ffcbdeaa26ffb42f7c42218d68121b0944345b2ce7df6ab6c077eba01e1089b5213627703bdf1ab7"}, @jumbo={0xc2, 0x4, 0x9}, @calipso={0x7, 0x48, {0x2, 0x10, 0x90, 0x100, [0x5, 0x3, 0x1000, 0x3, 0x1c8, 0x0, 0xfffffffffffffffb, 0x6]}}]}}}, @hopopts={{0x138, 0x29, 0x36, {0xa8, 0x23, '\x00', [@calipso={0x7, 0x30, {0x1, 0xa, 0x82, 0x9, [0x3, 0x0, 0x7b0, 0x8, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x6, 0xa6, "18687aafe16abb2ee0a3762bcf99d576d37a755c4a1a11b54831d833949878d507e7a921cff62e2c6e20d942b121677a898b0685b28e972641359a5c52f6edc41609bb6f6c51b73e4bed0cb81ec9d9ed936d5e787cdbc79b64b8565492069eac2ea2b8e6708c6abedbe1a780c0b2e1df58992499d9dd501f0bed5dfd7cb42c946390b9b7b873d6f258a4150d38484de4a015daa5a7b3e038845c98e9808add12467b5e6a6254"}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @mcast1}, @ra={0x5, 0x2, 0xeb3c}]}}}], 0x698}, 0x84)
socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x3}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r5, 0x0, 0x6}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)

4.592177767s ago: executing program 8 (id=8398):
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="120000000100000004"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000480)={[{@errors_remount}, {@noload}, {@nogrpid}, {@usrquota}, {@noblock_validity}, {}, {@mblk_io_submit}, {@acl}, {@resgid}, {@sysvgroups}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@acl}, {@usrjquota}], [{@obj_type={'obj_type', 0x3d, '/'}}], 0x3d}, 0x1, 0x51f, &(0x7f00000007c0)="$eJzs3UFsI1cZAOB/HDvd7KZNChygEqXQouwK1k4a2kY9lCIhOFUCyn0JiRNFceIodtpNVEFWHDgiIQRInMqFCxInTkioEheOCKkSnEGAQAi2cEACdirb4+xuMk6yG8fOJt8nTea955n3v+doxn7jp5kALqxnIuLViLiTpum1iJjIygvZErudpbXde7ffWmgtSaTp6/9IIsnKunWlbY/FlWy3SxHxlS9GfD05GLexvbM6X6tVN7N8pbm2UWls71xfWZtfri5X12dnZ16ce2nuhbnpvvRzPCJe+fxfvv+dn3zhlV9++s0/3vjb1W8kWXns68cDKh72YqfrpfZ7ce8Omw8Z7CwqtnuYGcvbYuRAya1TbhMAAL19ICI+ERHXYiJGDv86CwAAADyC0s+Ox/+S7m93B4z2KAcAAAAeIYX2HNikUM7m+45HoVAuR3sO74ficqFWbzQ/tVTfWl/szJWdjFJhaaVWnc7mCk9GKWnlZ9rpu/nn9+VnI+LJiPjexFg7X16o1xaHffEDAAAALogr+8b//57ojP8BAACAc2Zy2A0AAAAATp3xPwAAAJx/xv8AAABwrn3ptddaS9p9/vXiG9tbq/U3ri9WG6vlta2F8kJ9c6O8XK8vt+/Zt3ZUfbV6feMzsb51s9KsNpqVxvbOjbX61nrzxsp9j8AGAAAABujJj73z+yQidl8eay8to8fb9ZibAWdVcS+VZOucw/oPT3TWfx5Qo4CBGBl2A4ChKQ67AcDQlIbdAGDokiNe7zl55zfZ+uP9bQ8AANB/Ux/J//3/6OuCu4UBNA84RQ5iALh42t/zjzuT15cFOFdKZgDChXfi3/+PlKYP1CAAAKDvxttLUihnl/fGo1AolyMebz8WoJQsrdSq0xHxRET8bqL0WCs/094zOXLMAAAAAAAAAAAAAAAAAAAAAAAAAAB0pGkSKQAAAHCuRRT+mvyqcy//qYnnxvdfHxhN/jMR2SNC3/zR6z+4Od9sbs60yv+5V978YVb+/DCuYAAAAMCFUHyQjbvj9O44HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD66b3bby10l0HG/fvnImIyL34xLrXXl6IUEZf/lUTxnv2SiBjpQ/yx1p8P58VPWs3aC5kXf+ztk8ffvXVo/JjM3oW8+FdOHh4utHda559X846/QjzTXucff8WI+/IPq/f5L/bOfyM9jv/HjxnjqXd/VukZ/1bEU8X88083ftIj/rN5Ff782weKvvbVnZ1e8dO3I6ZyP3+S+2JVmmsblcb2zvWVtfnl6nJ1fXZ25sW5l+ZemJuuLK3Uqtnf3Bjf/egv7hzW/8s94k8e0f/ncuobzSn7/7s3b3+wkyzlxb/6bE78X/842+Jg/EL22ffJLN16faqb3u2k7/X0T3/79GH9X+zR/6P+/1d7VbrPtS9/60/H3BQAGIDG9s7qfK1W3TwbiZej7zW3RvhD79ejl/hveiaacbqJb/a1wjRN09YxdYJ6khjcm5Ac3tRhn5kAAIB+u/ulf9gtAQAAAAAAAAAAAAAAAAAAgItrEHca2x9zdy+V9OMW2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAffF+AAAA///0iOAC")
mremap(&(0x7f0000a99000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
unshare(0x60000480)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x8084)
sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x20008000)
clock_getres(0x3, &(0x7f0000000300))

4.561048428s ago: executing program 6 (id=8399):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000000d0a0103000000000000f7ff090000010900020073797a31000000000900010073797a31fc2db1caabe7123ccedbfc54319cb155005781640cd6"], 0x2c}, 0x1, 0x0, 0x0, 0x4000801}, 0x20008144)
ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080))
shutdown(r0, 0x1)

4.131909484s ago: executing program 9 (id=8400):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18)
mlock2(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x0)

4.114812389s ago: executing program 6 (id=8401):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c48473099d4a4654cfd97a67c9e79afc0d444e6c78b0216d2201b128df9d4ed5b4dbe676fe56a6354f819d997a6acb8595633cff6f77473b2b3abcc65b51cb3d3a30bf9b0b2ce59d568d3a89b49331904da2a37c89ea236f5d5640c32c3ac74e4bde1a62c560cb63836552f881c8a8305d2a13d838a5160a6c06c63decc865a92e9539f3513af3a1e6f78608890f912f087214dac06387a94d5e1b31c35be117ee540dc4560aa500269b81a0bbc", 0xf0}, {&(0x7f0000000100)="1d4ac370cf8c47025bd7a6566c8bd20f39915734b4a24e9b596dfcd1abdb72276d5f80b1d38cedd7d704de6ec72fa6861cd700b4f8c0f594861c0296", 0x3c}, {&(0x7f0000000380)="88e584aac45d6d83e6c2e7857149eb55d2c259a747dbdfc0787e87150d7e40953e657417f2c201284dd4714eb1aeeb70c4294fb9be03e73d06a9", 0x3a}, {&(0x7f0000000500)="83c0b58e5bcffe6c14ab199d81f63d9e77512d040c3f3a7b41a3a1ed6cf40450443e4e377139b523eb3dd725f87a1ed946e28c6b19e1fc6ea21fe2eef736ec85289f34830b89c7169369862871b9608f2e976924a41f64f236a395563ddb3b994b4d9cf9f465dea2adad06013851713e9d30f195383be99db35611dd11a69721e423fcf5904c2af8ca4b1774bc6438d1c6218a2ada56c8b5b289274c2d116ecd4aafbd01536f931c84ec7f95ce8c6d118d1dec3bfa645c3e72018e9c154a80fd84b6e0233520ee1dc56ec62472820000000000000000", 0xd6}, {&(0x7f0000004480)}, {&(0x7f00000001c0)="aba1501aab68c98b25f2a20fd588ccbb9eb6a11a63c2af70c8d13d17203fcea6070b6cef7d3590e1fdb152e02a93faa1d6dbdc5521f78e31514c75451251", 0x3e}, {&(0x7f0000001040)="65f1fb1a78c7208104e561957164c4cb38edf4d2681ed8a273aa1547cd372536a9941f061d40bd54b2ef467436d8d884ed28cf2ec696717ca21ca217d08653731e88443af8825c7121b5f5d5968b532d3b43888304e84a036af507c157155a19fea0483cdf210968fcaa2f7019c677e6015d365fef54f858d3d6982bed510a0cefef18c7aaf9e7b1faa23648b6edb22fde5eb84afd46282fd14358571d6071c2bbeef0eae77a3bffeff9012aa34644428fabce65f24b3ebba184f5d4cf769d982c378b03f4213d1f9d3183a7da412096663d49c592bb0778794791e02e4daf3fbee0720565ada5af7c3a1f121813ac14ba54e84b4a187271118008fd43b6a7207b8c497a72a3efcf5a12cec484e78d1aece1fa44ae43be26b0ff866155caa94cff08d4546de2d060bd05803492738b8bd8aa075d5ddbb531f31b41266f56d9ef831de3fef1a971ebe3e44f1482d6c34ec2f9ba73d038f1db97c71364aaf66dd41bc93dd55a15e0dd16fb4f03b1adb819b28400cd4afc2377551e9a83485c7293f4fed30b0b5475cf1dd3eae3b6e3be8fc2ab4ea381f3c2ab8af2329292e363e288c2b2c4a4992e6d73f9763e933401163562bfebbf5c1e0a2a0540f2786e24f9d4b94d3d7912f844ca63ae2155161c806cf2901430d0759f1f7a3cbdb14922fde81f0684c58560a1bab9e44d72a2234bc2d02be1d47990911f0e094f854f012792c3208e39c4941ad0ed50f83b298b4bd64a972ae1c2f3db355a80df032f89de359849c4d0d43560368587531cf4804b6663cb83c536b40e78de444edb997ef87a55e0983e5b8d07111eae3bc74532b545a515722f42f5e630f636f7582eda2940be14323bf0b9f5c1f95c85c96fc1a5c20f9ba5f332b853872b431d3bd7e362add18b1e0d0851d5669c92d15b21e05fbcc32d99a17cd018ecbfeabb6a0a56dd1706e64726de65e4617fc8c91ee6109e261046b6adef9c98637bbbce54ee4effb77d9f9e0cc9c41bb55a7659b8ef5526560b183c92726acb1a628f9c725f220b7084b93a0e1782704155c3f3aa6479015ba06903caeeb432e4131002ade465de39b3bb125c10787f8a2038ad95c99191d2612913da7880369ec5c2206ed9c2b782624d8b4c1ee1910db9015b2124c6ef1b7f5ddb7fd74cafa8c866b5a1cc343f2bd86930316be5304898f05c6287ae384d63a02bb1b1cd9e871a1bf2f16f66ae418e1f87151f1250f8febabadfe549c70a3b02c276f9176af5475ab24f73bbc1ae96640988c49375590860d590c663bc0cb52fe8f9c33944f1a8c301283510647da0c11e421268b4fd3bd46c912e5919d6d27ab77f17b9fdab75e373bf8bbb2c6763e5a0cc8dccb294b27f6d7c0c070084b84be99b30411a3950debeb62b834925291623900842889e0546458031eee5b7be283b2ed0c20c6374e856d70d4701c30d650e9df85b282c5a51a436affb9a41f89e7b6e7a1aa384cb12b11cbac3664a1f9ea325d2bc4b994de617368b592ea913767d5cc1be010c4a77b2a44421ae0f21032361e07907688c15d958c417f60f56ba3daac1fc043e52e775ac64af41fc6ef2daef45cb9d8cd813571c7dba3df9d8b9004a09fa47aa79debeea68c37e5f54ffd396ac5a4df07c9b77a6d0be21247a19293f3cd20b549e563b6f0fbede11ed4d6d4487ca4b639fe38b475bea56099212f16138f998aa33332c9b6c5799d7ea04b6a7390d7af608faade280317d3c0308d9d284e154ded7d0ba44606fb5d210d659f1ec06a8b7cb213adf978a3f0d52c3b7a060202e4889c1b150d60f06ec9d064e1994b4248b2b3d073de8ac6d1209c413fd3991bfa4e729a59384afb218e097ab453395d0fefb25cba071e11971625b31158f9ed7ae28e959775996cab3634e8494df310056cf3e21171e457d4f7925ce1216125d1a798ec3bdbea351aacb68164d2240872577ff7d3f3ef582a22581cc52707c6a624ff88230de353d9f4664051f2c9a0801abd4ffe2b058defebd2f7eabe25b021556313c43da0feaf98eaa4b94256c1aa444fbb9c31e480b41b218fe1f112652667e92d5faae092ce4291a28107388f19764ee1212e53461d4daad7bb0bfa302c251ba4a209d42e013a00c919d66fa3b5c3ead6081a81c7b6a02f9d01c2a31f7507acd496ff0fc07dfcf7105ca08151e691cf652dfa9f0e5d866548566d39260996f9ffd92f81414d0f7aa90a1caec25722454a5b29b85336a63ca33db864ecf20dcbadcf624bb07438786eb3957173dddf46e698b653f4e89dc9f7d5557eb94743f25152f5e20088bb588c2c76d3f3eb86c1dc572b859e44a4847d79068c6c55237281b3802a440a141c9a69f0fbc15b749662f0d890ddf5016c4c1c6de2da652785e7943045f68ff01e1915f24eac38f2b2f8a015bd11f41b3cb540c9029ab6c8bb9a71d7260447a338d0843eaaeb22b79d5ae52b4eb02059d2a64320bbb326a7523d97bd56394b5d4ae43270a0d937e5dc8601adfbf675a2dc94ccd6f724ed9b37a1d7040862e68b8703d57e7769497340514a45946069af2c0d23ec3a1bf529c4992bf3742c7d0dd1dfcbf734e8968941c817dc3755117d9d17d15831ecafd42df99052250584341bcbb1fe12e059a421699738064c859073f274c5a865fc79ea6be409a6c2beb8f2bb8110a7b77c0b24662fddccb321250c986fc582de426e112b04a216a71c5e2f38c0b2638c4c07702c98c1a1c16a3fd72de363de66a3ea1a3dd89a454c0429f9b59a0f8de8476909a75988981aee125cff3a77182043c1eefed48a4ac7bebaaca19774d174e236b09f9e513f4026afb00e078bf54110124fc068c88f28b4969a34a91cc13bcde3f750689d3b46152e5535926820d23eab09a0c3b2ac9b8f504785e713a891692d46c3e3cb84cc8e181b68f4e7d3adc122909ffc2ae852b2fb41ad145c6b5382440af5b77f39917a27d58cdbc627510da22de3d1fc0a389f1236a6ee30fbe7a09aba36041229dbb5a3c11d9e650d97e7f688b858a70884498ca0d0a2f6278ef7cbdf08668308045924014918ba46b15e75fafd95b12f09b2abce06a50e87e9f087b87c54cd055d5d58f15ce1259f559a17a54f9ee4821609e29e9ac364e7bc35fac0b2f43c8f2dd9de11cf1b18b8d52c39ca6cad3b8910d6469e79661e7b03a715ae461a5a189f7c332825b813e126a864b8742fb8a53964433a19fef34d50c5b685309909a6743a10e2a6928be7366353cb8b90be93bb4633477b27e10469d4f193a9b680d490b6cc05985ee9be6f6a24c7b8ab19cfcc6fb6e89fa79fc306556e8d75cb4adb18ac95a194cdc00f920ad48192a31db884eeb50c080d8caf6f46ea383f81cde27feb7bb7038de555d972e84c913a0c8500674ca7969c05ce470b2857c30dfd1762236599d4bced022ca8cc54fb0bdabf85022af3dd304d92dd3a904e12d9cd0630774fb39f6ee6eb37be2e8148ce79d299916924b34b0405f909bb814c77a52107b67dd513606bcae4262056b4bcab0f3de6cc89a2efb2c034d040afea4a69eeba45d2defe3ef8fcbd61c830b2e8310124ed9b7be8d81ba02d3e28915145c17a0f694b712d8ddd69f13adfe46ddaee45aaae23d67ca610642eaf7cfb150428c971dd933271e23001583bb3e078340158835b536dad0d206ea0962ab45619da69f67c1fb4f02bace0d328952ee64e4a738faf46ca4ab19f0bdd75f234ea3fde63dda343faae703e5ede0a509b0bf23e6971c023019e172686bef6c9ac205cbec9032872a5ac8e7fa39f799bc853edf65fca5d7512ae2118309460b3b21c7a456c29acd7b7cf9367aea08f6874101ed405a542bdf6a1c05ace9bd27854856af855984d5286b31858abfdff8273e9f370296a94674e880987fac2aff528bd37c4af5851f805926d26642eaadb4e35ab6973a15603e973fcc6d2fd451a34857ffd8e6e8ddee86d1e77714a44e3683035c7e783e207d644926589afec0b82e89a6a0c1f78cfe2e1956ee5906869d9a8408d49afb87c1c98906d43b86dd9fa0ad24c90c4c6737915c0ee5717055e9ee40ebf13ce49b639b3e3790db699add5c7ffe4ceada091fd5cc698d57f21317dc598d399ba00eabf128f749823cfadfa418cc6df104dd5bb5087d595e0e3be72573a2c8b28ba11124d3c418608fe070183aec90f0c600f19e07e30aa3b68f256553a22ca5aeeb8efb55c32c6f59ab7a805de0143f11109b17487262441741f099e91e008bcd4e4f922b8e6afa726575581d70ae25cd02e3bfb651ba4a38f04f03487e749a18355c545d00ff3aebee8fe1802a199eae119a3486ae7fe811bc66302ff42871fc7a282336124708b05c63fefd556df9df1c71b46b06d49afc032c04f83a997f2dbf262d2a465a3c5e1185424123f478f72976a5b819d1aa570ae9ce23be3717e60326c4131711b953fa6bfd4a588be7d09bad3b7815d6a48867e1ba0a6359f6cc1871ea37d3ac774ec2c4671ee6255774d336ca15290dcd3e7b0163e42d55a2a63bb72c880f6763c1ba8048c21941307487f013dfa2d24ae9e1cfd5fde1258be432a49db8f8a0e202d9ddc96339df06d9ed9575ff3ab10d14625b3aa34478304242297d8ab0de52b1b203f565d6ae3213f7a9177926c862942feab437836d53fd1f2dc6d13a5a0155741216a79f410f6893b2568bd8eb0831723090cec1856eca8e7bb73933973c0f9704bddfb54dac4725e55aa9c1d12601d79a033500ec16405405f24ceab2ff9a4f8f0080422f1f9eae194dff918845e912f4dff8d85d09d935c1b6712548a5fcfb5240cdfca41ff5d489f7ac8a2bb608897d6e5ac9d0ca084efff661d0afd46441966b61ab245182cb478a41262cb3fdec5c4970f38021de369dc0d0e96593aadd1bae87ad39a109ddcd133a6d80d8b8aaa8c134b35626cbd7232f4a6f7d3be5c73d4ed349cb009403087106454f93f51ab637569dd4801485dfbe6c49bdee07f406740611357c0e9df832fae30fec8e98d777982d893ad3251c7cdc92865742054824a1c8733354efbd34a9dcdd11907bd965b9d344f0faf68f071ab84744b3abf38e71e200977e65a5c4299c78ae7e0030eedbdf401afb97b711e913bb448b7630b873e426b9182414bb440734ebefea52d87ff5dc4755fa03774dffcc733478f3750a11760b1b73694764f10e5961622c8235f56ea1991ef8c009f393db126b877ac4c7c2b0e67a026afd366bacd891458ea5fb2a5211a9f871d09b638bc4832e9d6c656b784a54db56d9a294bc9d94ab3f6cbfc520a42fa2e02a4c27d4d223a8f21ac09b27c179139b44201306a3c68247b12d40971806ed4044b3bd9e55ba82d41d7bf449534b50f4e77a16fb6a0857eba15cb3dcb7c5ca80416247d0a60fe19990da5efdc2c438fb1fafdc703912da4505c6535866f88c752d49bee0eb6e443d9e98da1ede906b8e42ccc55ca60fe596d2e91342d9a8e3307508ee296181f695c48a125412a4af3138b1755073762a683be13823d945eae5f59f088a5f0201fa77c00545db07518e4f3807fde66409c2368f804099962ba37afc2e1ef066200b3783a1b6c67f78a181da1994b3ad6ebd7bb1dd0304eb6c4f55b03506fb6791c6d0d41bc8002af6f70359e04c9db9622776c96e44ad", 0xfa0}], 0x7)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0xdc, &(0x7f0000000200), 0x1, 0x46f, &(0x7f00000008c0)="$eJzs3M9vFFUcAPDvbFsQEFsM/uCHUkUj0djSgsrBAxhNPGhiogc81rYQpFBDayKESDUGj4ZEozfj0cS/wJNejHoy8ap3Q0IMF5DTmNmdYbfL/ujShW3ZzyeZ9L2ZN33v25nXfW9epwH0rdGI+Cwi7o+IvyJiOCKS+gKjlS/Xr56f/u/q+ekk0vTtf5NyuWtXz08XRYvzthSZpUp+V4N6F86eOzk1Nzd7Js+PL576YHzh7LnnT5yaOj57fPb05KFDBw9MvPTi5AsriGKgbYmsTdd2fjy/e8fr7156c/ropfd++yHJw4u6OLpktNXBp7tcWa9trUkngz1sCB3Jek52uYbK/X84BqJ68YbjtU972jjgjkrTNN3Y/PBSCtzDklhxyTvbEOAuKz7os/lvsd2loceacOVIZQKUxX093ypHBqOUlxmqm992UzbbOrp049tsizvzHAIAYJmfjlS+3jr+K8XDNeUO52tDIxGxrWZxY3tEPBRRLvtIRDzaYf31iyS3jn9Klzv8lh3Jxn8v52tby8d/xegvRgby3NZy/EPJsRNzs/sj4oGI2BdDG7P8RIs6fn71zy+aHRutGf9lW1Z/MRbM23F5sO4B3czU4tRqYq515ZOInYON4k9urgQkEbEjInbuqTlxw8rrOPHs97ubHWsffwtdWGdKv4t4pnL9l6Iu/kLSen1y/L6Ym90/XtwVt/r9j4tvNau/0/i3fVOds3VDdv03N7z/b8Y/kg7UrNcudF7Hxb8/bzqnud37f0PyTjld3IYfTS0unpmI2JC8ke8/XN0/WT23yBfls/j37W3c/x+M6k9iV0RkN/FjEfF4ROzJ2/5ERDwZEXtbxP/rK0+9v2zHjerke1X3fxdk8c+0uf5J7Xr9bSQGTv7y47JKR6rJlV3/g+XUvnxP+fff163jWmkDV/8TBAAAgLWvVP7b/6Q0djNdKo2NVf5efntsLs3NLyw+d2z+w9MzlXcERmKoVDzpGq55HjqRT+uL/GRd/kD+3PjLgU3l/Nj0/NxMr4OHPrelSf/P/NP+tRpgvfO+FvQv/R/6l/4P/Uv/h77V6P3/Te3KpB4Owj2h0ef/hR60A7j7jP+hf3Xa/yuTgxb/NgxYN3z+Q//S/6Evrea9/lUmin8/2LBMsf7Qi4a1TaRpuzKDrU6/0DjkdZaI0ppoRpcSX62NZqyhRG9/LwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTL/wEAAP//lrDxFg==")
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
syz_io_uring_setup(0x593, &(0x7f0000000400)={0x0, 0xc458, 0x80, 0x3, 0xb8}, &(0x7f0000000300), &(0x7f0000000a40))
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
read(r1, 0x0, 0x0)

3.260902453s ago: executing program 0 (id=8402):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_ALLOC_STREAMS(r2, 0x8008551c, &(0x7f0000000000)={0x184a, 0x1, [{0x1, 0x1}]})

3.080419827s ago: executing program 2 (id=8403):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x5, 0x5, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810dc})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read(r0, &(0x7f0000000840)=""/40, 0x28)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x400, 0x55a})

2.861946644s ago: executing program 9 (id=8404):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, 0x1403, 0x1, 0x70bd29, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bridge\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)

2.784518264s ago: executing program 0 (id=8405):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x9a, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6000008000641100fe80000000f0ffffffffffffff0000bbff02000000000000000000000000000100004e22004d907802000000"], 0x0)

2.678747856s ago: executing program 2 (id=8406):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x28107dd, &(0x7f0000000480)={[{@data_writeback}, {@noblock_validity}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@errors_remount}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x5}, 0x0}, {@noauto_da_alloc}, {@nogrpid}, {@nobarrier}, {@mblk_io_submit}, {@delalloc}, {@test_dummy_encryption}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0xfffffffffffffff7}}, {@norecovery}, {@nobarrier}, {@quota}, {@resgid={'resgid', 0x3d, 0xee00}}], [{@smackfsroot={'smackfsroot', 0x3d, 'usrjquota='}}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0x2, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr")
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

2.640463248s ago: executing program 7 (id=8407):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100"/257], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r2, 0xc0404806, &(0x7f0000000040))
ioctl$HIDIOCSFEATURE(r2, 0xc0404806, &(0x7f0000000440))
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001d00)=@newtaction={0x10f8, 0x30, 0x12f, 0x0, 0x0, {}, [{0x10e4, 0x1, [@m_police={0x10e0, 0x1, 0x0, 0x0, {{0xb}, {0x10b4, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffe, 0xb84, 0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x100, 0x0, 0x0, 0xc74, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x100, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffff002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x200, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x0, 0x0, 0xf, 0xf, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x5, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x1]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x16}, @TCA_POLICE_RESULT={0x8, 0x5, 0xa}, @TCA_POLICE_TBF={0x3c, 0x1, {0xdc, 0x10000000, 0x7fffffff, 0x5, 0xfffffffd, {0x6, 0x2, 0x1, 0x401, 0x1, 0xc}, {0x9a, 0x0, 0x40, 0x5, 0x400}, 0x5, 0x0, 0x81}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe8d0, 0x101, 0x8, 0x200, 0x3, 0x7f, 0x3, 0xffffffff, 0x3, 0x80000001, 0x8000000b, 0x1, 0xfffff0c2, 0x7, 0xa042, 0xfffffc21, 0xffff7fff, 0x4, 0x4, 0x400, 0x8, 0x7, 0x5d3b2fc3, 0x87f, 0x7ff, 0x5, 0x5, 0x2, 0x1, 0xa0, 0xb, 0xf14, 0x2, 0x7f, 0x7, 0x1, 0x1, 0x5, 0x1, 0x9, 0x4, 0x1, 0x8, 0x7, 0x8, 0x40000000, 0x5, 0x0, 0x40, 0x1, 0x5, 0x1, 0x9, 0x1ff, 0x0, 0x9, 0x426, 0x6, 0x7fff, 0xffffffff, 0x3a, 0x5, 0x9, 0x3feb, 0x0, 0x5, 0xeb5, 0x1ff, 0x5, 0x8, 0x0, 0x0, 0x7, 0x4, 0x2597, 0x9, 0x7, 0x4, 0xb8, 0xcb, 0xf, 0x0, 0x2, 0x4, 0x0, 0x27d, 0xc2c, 0x6, 0x1, 0x6, 0x4, 0x0, 0x8, 0x9, 0x10001, 0x3, 0x6, 0x2, 0xc, 0x6, 0x9, 0x3, 0x1c1, 0x3, 0x9, 0x4, 0x3, 0xfffffffa, 0x6, 0x4, 0xa21, 0xffff, 0x3ff, 0x0, 0x8, 0x355a, 0x1, 0x6, 0xffffff60, 0xee, 0x1000, 0x6, 0xfffffffb, 0x2, 0x7, 0x0, 0x2, 0xe0, 0x7f, 0xea50, 0x5, 0x2, 0x1000, 0x8, 0x0, 0x8, 0x1000, 0x7, 0x5, 0xfffffffa, 0x200, 0x7ff, 0xfffffff9, 0xfffffffd, 0x6, 0x1000, 0x8, 0x7ff, 0x81, 0x401, 0xe, 0x0, 0x8, 0x5, 0xfff, 0x1f2, 0x24000, 0x7, 0x100, 0x5, 0x6, 0x7ff, 0x7, 0x1b, 0x3a03, 0x7, 0xffffffff, 0x2, 0x3, 0x5, 0x3, 0x171751e3, 0x5, 0x6, 0x54, 0xfffffffb, 0xfa7, 0x7, 0x60, 0x1, 0x10, 0xcc0b, 0xa, 0x62, 0x8, 0x120000, 0x8, 0x4, 0x1, 0x8001, 0xd, 0x5, 0x5, 0x5c, 0x4, 0x67bd, 0x3866, 0x9, 0xed1, 0x8, 0x5, 0x1, 0x2, 0x2, 0x2, 0x2, 0xb, 0x6, 0xb0c, 0x7, 0x5, 0x5c3b, 0x6, 0xb21, 0x40, 0x9, 0x3, 0x8, 0x3, 0x40000000, 0x2, 0x8, 0x4, 0xfff, 0x80000000, 0x5, 0x2b, 0x0, 0x3, 0x8, 0x9, 0x6, 0x400, 0x10e, 0x7, 0x101, 0x41a, 0x6, 0x7, 0x6, 0x0, 0x8, 0x6, 0x401, 0xfffffffe, 0xa, 0x0, 0x0, 0x1, 0xfffffff8, 0x9, 0xf87, 0x1, 0x9, 0x5, 0x9]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_RATE={0x404, 0x2, [0x400, 0x72aad88, 0x8ec3, 0x0, 0x1, 0x4, 0xfffffffe, 0x2000000, 0x1ff, 0xfbd, 0x1, 0xb, 0x7, 0x5, 0x7a, 0x4c7c, 0x2782, 0x2, 0x1, 0x1, 0xfffffff3, 0x1ff, 0x3, 0x0, 0xffff, 0x8, 0xfffffbff, 0x9, 0x0, 0x3, 0x8001, 0x6, 0x9, 0x580, 0x8b1, 0xc, 0x3, 0x717, 0x8, 0x4, 0x450a, 0x0, 0x2, 0x7, 0x5, 0x4, 0x3, 0x8000, 0x0, 0x5, 0x1, 0x7fffffff, 0x5, 0x793, 0x6, 0x4, 0xfffffffc, 0x9, 0x8, 0x9, 0x5, 0xd0, 0x0, 0x311, 0x23e8, 0xd6de, 0x9, 0x5, 0xc, 0x7, 0x18, 0xa, 0x1, 0x8, 0x1, 0x400, 0x3e, 0x1, 0xf, 0x81, 0x3, 0xfffffff7, 0x7, 0x4, 0xb6a5, 0x37a, 0x6, 0x9, 0x0, 0x80000000, 0xbd72, 0x6, 0x5184, 0x1, 0x30000000, 0x9, 0x526, 0x3, 0x6c18, 0x6, 0x5, 0x1, 0x7, 0x3, 0xe, 0x3, 0x9, 0x4c8a, 0x1000, 0x100000, 0x0, 0x3, 0x14a, 0x5, 0x56ad2c07, 0x7fffffff, 0x3ff, 0xfffffbff, 0x8, 0x6, 0x6, 0x6658, 0x10001, 0xe, 0x4, 0x1, 0x10000, 0xfffffbff, 0x200, 0x8, 0x0, 0x3ff, 0x8001, 0x5, 0x6, 0x8000, 0xffff, 0x0, 0x4c05390b, 0x9, 0x8000, 0x0, 0x3, 0x0, 0x2, 0x9, 0x9de, 0xfff, 0x0, 0x5, 0x80000001, 0x1000, 0x5, 0x1, 0x3, 0x7, 0x7, 0x3, 0x2, 0x1, 0x3, 0xff, 0xd3, 0x10000, 0x73, 0x1800000, 0x8, 0x0, 0x3, 0x2, 0x2, 0x0, 0x9, 0x6f32, 0xc, 0x7ff, 0x5, 0xc, 0x883, 0x8, 0xc, 0x4, 0x5, 0x0, 0x7, 0x4, 0x3ff, 0x1, 0x2, 0x8, 0x9, 0x2, 0x4, 0xfffffffd, 0x7, 0x8, 0x5e4a, 0x8, 0x9, 0x800, 0x6, 0x7, 0xffff, 0x8, 0x0, 0x8001, 0xde, 0xc, 0x8ef, 0xffffffff, 0x9, 0x81, 0x0, 0x3, 0x0, 0x3, 0x8001, 0x0, 0x7, 0x4, 0x9, 0x9, 0x6, 0x1, 0x0, 0xfffffff8, 0x1ff, 0x80000000, 0x71, 0x8, 0x4, 0x80000000, 0x1eea, 0x81, 0x200, 0x10000, 0x4, 0x7ff, 0x7, 0xfffffff8, 0xa, 0x81, 0x2, 0x7, 0x8, 0x5, 0x640, 0x7, 0x947, 0x7, 0x0, 0x5, 0x1, 0x6, 0x8, 0x7fffffff]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0xffffffff}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe7c1, 0x9, 0x2, 0x5e9, 0x2, 0x36d, 0x2, 0x1, 0x101, 0x5, 0x5, 0x7ff, 0x7, 0x1, 0x0, 0x3, 0xc0a9, 0x7, 0x0, 0x10000, 0x7f, 0x8000, 0xfffffffd, 0x8, 0x4b8, 0x81d9, 0x3, 0x401, 0x81, 0x30f, 0x765, 0x369, 0x2, 0x6, 0x1ff, 0xe, 0x2, 0x7, 0xf, 0x3, 0x6, 0x8, 0xd, 0x3ff, 0x1, 0x30000, 0x24, 0x9, 0x2, 0x5c2c, 0x8, 0x4, 0x10, 0x0, 0x5, 0x100, 0x10001, 0x2, 0x400, 0x4, 0x400, 0x6e0f1d14, 0x2, 0x5, 0x5, 0xd90d, 0x3, 0x3, 0x2, 0xa, 0x4, 0x2, 0x4, 0x4fbe, 0x1, 0x4, 0x5, 0x7, 0xffff, 0x7, 0xa, 0x2, 0xaf8, 0x1, 0x3ff, 0x9, 0x10001, 0x5529, 0x9, 0x80, 0x7, 0xd, 0x5, 0x2, 0xffffffff, 0x6, 0x81, 0xdbb, 0xa1b, 0x2, 0x2, 0x2, 0x3, 0x101, 0x10, 0x3, 0x800, 0x80000000, 0x3, 0x5055, 0x3, 0x8, 0x4a47, 0x0, 0x6, 0x80000000, 0x7, 0xe, 0x100, 0x8001, 0x4, 0x8, 0x2, 0x8, 0x5, 0x6, 0x1, 0x3ff, 0x9, 0x7fffffff, 0x1, 0xfffffff7, 0x8, 0x3ff, 0xffffffff, 0x1, 0x4, 0x9, 0xff, 0x7ff, 0xc, 0x6, 0xfffffbf2, 0x80000000, 0xa, 0x8, 0x400, 0x1, 0x2, 0x1, 0xe, 0x4, 0x0, 0x8, 0x6, 0x3, 0xe8, 0x58d, 0x5, 0x6, 0x63, 0xfffffffd, 0x6fe55df5, 0x3, 0x8001, 0xf, 0x2, 0x1, 0x40, 0x7ff, 0x6, 0x4, 0x9, 0x5, 0x5, 0x3, 0xffff0001, 0x1d, 0x8, 0x0, 0x8, 0x3, 0x2, 0xb, 0xaf, 0x27ff, 0x100, 0x5, 0x25, 0x8e7e, 0x7fff, 0x3, 0x6, 0x5, 0x80000001, 0xe, 0xeaaf, 0x7, 0xb, 0x1, 0x7f, 0x4, 0x5, 0x1, 0xffff, 0x1, 0x6, 0x8, 0x3, 0x4, 0x100000cb, 0x7ae3, 0x7, 0x5, 0x0, 0xad980, 0x9, 0x6, 0x3, 0x5, 0x3, 0x7, 0x8, 0x3ff, 0x5, 0x1, 0x4, 0x1, 0x7, 0x4, 0x8, 0x3, 0x4, 0xc871, 0xff, 0x10000, 0x80, 0xffff, 0x401, 0xfffffffc, 0x1ff, 0x8, 0x7, 0xba, 0x8001, 0xd96f, 0x1, 0xa, 0x2, 0xfffffff8, 0x4, 0x9, 0x3, 0x8000, 0xb, 0xe]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xffff, 0x0, 0x1, 0x9, 0x100, {0x4, 0x2, 0x7, 0x2, 0x8000, 0x3}, {0x8, 0x0, 0x7fff, 0x8, 0x1, 0x100}, 0x2, 0x10, 0xe723}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x10f8}}, 0xc0)
getegid()
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.376506329s ago: executing program 6 (id=8408):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000022007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x3000)

2.227227613s ago: executing program 0 (id=8409):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
rt_sigpending(0x0, 0x0)
dup(r0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
request_key(&(0x7f0000000040)='user\x00', 0x0, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(0x0, r1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000780), 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0900000001000000e27f0000010000"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r3}, 0x38)

2.225448076s ago: executing program 9 (id=8410):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000b00), 0x1, 0x55f, &(0x7f0000000580)="$eJzs3d9rU+cbAPDnpK2/v18riGxjjIIXczhT2+6Hg124y7HJhO3ehfZYpKmRJhXbCdOLebObIYMxJozdb/e7lP0D+yuETZAhZbvYTcZJT2q0SRNrtNF8PnDkfXNO+p4n73le35M3IQEMrYnsn0LEyxHxTRJxMCKSfN9o5Dsn1o9bu391NtuSqNc//StpHJfVm3+r+bz9eeWliPjtq4jjhc3tVldWF0rlcrqU1ydri5cmqyurJy4slubT+fTi9MzMqbdnpt97952+xfrG2X++/+T2h6e+Prr23S93D91M4nQcyPe1xvEErrVWJmIif03G4vQjB071obFBkuz0CbAtI3mej0U2BhyMkTzrgRfflxFRB4ZUIv9hSDXnAc17+z7dBz837n2wfgO0Of7R9fdGYk/j3mjfWvLQnVF2vzveh/azNn7989bNbIv+vQ8B0NW16xFxcnR08/iX5OPf9p3s4ZhH2zD+wbNzO5v/vNlu/lPYmP9Em/nP/ja5ux3d879wtw/NdJTN/95vO//dWLQaH8lr/2vM+caS8xfKaTa2/T8ijsXY7qy+1XrOqbU79U77Wud/2Za135wL5udxd3T3w8+ZK9VKTxJzq3vXI15pO/9NNvo/adP/2etxtsc2jqS3Xuu0r3v8T1f9p4jX2/b/gxWtZOv1ycnG9TDZvCo2+/vGkd87tb/T8Wf9v2/r+MeT1vXa6uO38eOef9NO+x6KP3q//nclnzXKu/LHrpRqtaWpiF3Jx5sfn37w3Ga9eXwW/7GjW49/7a7/vRHxeY/x3zj886s9xd+t/5/CImsW/9xj9f/jF+589MUP248/6/+3GqVj+SO9jH+9nuCTvHYAAAAAAAAwaAoRcSCSQnGjXCgUi+uf7zgc+wrlSrV2/Hxl+eJcNL4rOx5jheZK98GWz0NM5Z+HbdanH6nPRMShiPh2ZG+jXpytlOd2OngAAAAAAAAAAAAAAAAAAAAYEPs7fP8/88fITp8d8NT5yW8YXl3zvx+/9AQMJP//w/CS/zC85D8ML/kPw0v+w/CS/zC85D8ML/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXX2zJlsq6/dvzqb1ecurywvVC6fmEurC8XF5dnibGXpUnG+Upkvp8XZymK3v1euVC5NTcfylclaWq1NVldWzy1Wli/Wzl1YLM2n59KxZxIVAAAAAAAAAAAAAAAAAAAAPF+qK6sLpXI5XVJQ2FZhdDBOY3UhYiBO40Up7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/BcAAP//8NI25Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x4042, 0x1db)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000840)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f00000003c0)='system.posix_acl_access\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)

2.058636726s ago: executing program 8 (id=8411):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
msgget(0x1, 0x2b0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64])
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_ifreq(r4, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue})
shutdown(0xffffffffffffffff, 0x1)
fspick(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x1)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
sync()
r6 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)

678.157061ms ago: executing program 0 (id=8412):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7f}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r6], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0xffa1, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000ffff27bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="fda65f0500000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x44}, 0x1, 0x0, 0x0, 0x308}, 0x0)

677.256371ms ago: executing program 2 (id=8413):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

559.316212ms ago: executing program 8 (id=8414):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)

460.44245ms ago: executing program 6 (id=8415):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001a40)={0x6, 0x1, &(0x7f0000000080)=ANY=[], &(0x7f0000001700)='GPL\x00', 0xc, 0x40, &(0x7f0000001740)=""/64, 0x40f00, 0x61, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)

201.946347ms ago: executing program 8 (id=8416):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x40, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0x100}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4084}, 0x800)

142.502108ms ago: executing program 2 (id=8417):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2, 0x0, 0x7}, 0x18)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580), &(0x7f0000000680), 0x7fffffff, r1}, 0x38)

5.301775ms ago: executing program 6 (id=8418):
unshare(0x28000600)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r0, 0x0, 0x0}, 0x20)

0s ago: executing program 9 (id=8419):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000005"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})

kernel console output (not intermixed with test programs):

scall=321 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2404.469782][   T30] audit: type=1326 audit(2000000481.199:6536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30796 comm="syz.8.7719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2404.507637][T28578] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2404.541124][   T30] audit: type=1326 audit(2000000481.199:6537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30796 comm="syz.8.7719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2404.564960][T28578] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2404.575793][   T30] audit: type=1326 audit(2000000481.199:6538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30796 comm="syz.8.7719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2404.599034][   T30] audit: type=1326 audit(2000000481.199:6539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30796 comm="syz.8.7719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2404.622398][T28578] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2404.666901][T28578] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2404.690044][T28578] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2404.724197][   T36] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2404.754432][   T36] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2404.774781][T30809] 9pnet_fd: Insufficient options for proto=fd
[ 2404.859022][T30813] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7723'.
[ 2404.897195][T30813] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7723'.
[ 2404.917321][T30813] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7723'.
[ 2404.953276][T30813] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7723'.
[ 2404.982777][   T36] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2405.022982][   T36] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2405.100138][T30804] lo speed is unknown, defaulting to 1000
[ 2405.255884][   T36] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2405.298918][   T36] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2405.358783][T30804] lo speed is unknown, defaulting to 1000
[ 2405.503117][   T36] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2405.520943][   T36] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2405.538266][T30829] program syz.9.7730 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2405.920287][T30840] __nla_validate_parse: 1 callbacks suppressed
[ 2405.920314][T30840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7732'.
[ 2406.756948][T28578] Bluetooth: hci2: command tx timeout
[ 2407.266283][T30863] loop6: detected capacity change from 0 to 128
[ 2407.275381][T30865] 9pnet_fd: Insufficient options for proto=fd
[ 2407.335136][T30863] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2407.367557][T30863] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2407.478168][T30870] loop0: detected capacity change from 0 to 1024
[ 2407.486379][T30870] EXT4-fs: Ignoring removed orlov option
[ 2407.526080][T30870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2407.869385][T30878] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7746'.
[ 2407.883083][T30878] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7746'.
[ 2407.893445][T30878] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7746'.
[ 2407.902635][T30878] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7746'.
[ 2407.915196][T30878] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7746'.
[ 2407.939515][   T36] bond0 (unregistering): (slave vxlan0): Releasing backup interface
[ 2408.302233][   T36] bond0 (unregistering): Released all slaves
[ 2408.345649][T30804] lo speed is unknown, defaulting to 1000
[ 2408.365456][T30804] lo speed is unknown, defaulting to 1000
[ 2408.511639][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2408.761936][   T36] tipc: Disabling bearer <udp:£>
[ 2408.768211][   T36] tipc: Left network mode
[ 2408.836778][T28578] Bluetooth: hci2: command tx timeout
[ 2409.020154][T30804] chnl_net:caif_netlink_parms(): no params data found
[ 2409.039676][   T30] kauditd_printk_skb: 25 callbacks suppressed
[ 2409.039704][   T30] audit: type=1326 audit(2000000486.269:6565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.080203][T30892] loop6: detected capacity change from 0 to 2048
[ 2409.169956][   T30] audit: type=1326 audit(2000000486.269:6566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.203973][T30892]  loop6: p1 < > p4
[ 2409.244122][T30892] loop6: p4 size 8388608 extends beyond EOD, truncated
[ 2409.251427][   T30] audit: type=1326 audit(2000000486.309:6567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.251512][   T30] audit: type=1326 audit(2000000486.309:6568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.251590][   T30] audit: type=1326 audit(2000000486.309:6569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.251664][   T30] audit: type=1326 audit(2000000486.309:6570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.251740][   T30] audit: type=1326 audit(2000000486.309:6571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.275767][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2409.688344][   T30] audit: type=1326 audit(2000000486.319:6572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.726813][   T30] audit: type=1326 audit(2000000486.319:6573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.760638][   T30] audit: type=1326 audit(2000000486.329:6574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30893 comm="syz.0.7752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2409.983553][T30911] rdma_rxe: rxe_newlink: failed to add lo
[ 2410.774172][T30804] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2410.787586][T30804] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2410.806817][T30804] bridge_slave_0: entered allmulticast mode
[ 2410.838916][T30804] bridge_slave_0: entered promiscuous mode
[ 2410.864635][T30804] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2410.891675][T30804] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2410.914785][T30804] bridge_slave_1: entered allmulticast mode
[ 2410.927284][T28578] Bluetooth: hci2: command tx timeout
[ 2410.990919][T30804] bridge_slave_1: entered promiscuous mode
[ 2411.091911][T30930] usb usb5: usbfs: process 30930 (syz.6.7762) did not claim interface 0 before use
[ 2411.121621][T30929] loop8: detected capacity change from 0 to 1024
[ 2411.186405][T30929] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2411.245317][T30804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2411.292787][   T36] hsr_slave_0: left promiscuous mode
[ 2411.306014][   T36] hsr_slave_1: left promiscuous mode
[ 2411.338266][T30935] EXT4-fs error (device loop8): mb_free_blocks:2014: group 0, inode 15: block 97:freeing already freed block (bit 6); block bitmap corrupt.
[ 2411.373733][   T36] team0: left allmulticast mode
[ 2411.397198][   T36] team0: left promiscuous mode
[ 2411.402470][   T36] veth1_macvtap: left promiscuous mode
[ 2411.423736][   T36] veth0_macvtap: left promiscuous mode
[ 2411.525775][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2411.689110][T30941] loop8: detected capacity change from 0 to 256
[ 2411.713858][T30941] FAT-fs (loop8): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2412.204871][T30949] loop6: detected capacity change from 0 to 128
[ 2412.234661][T30952] 9pnet_fd: Insufficient options for proto=fd
[ 2412.320552][T30949] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2412.409161][T30949] ext4 filesystem being mounted at /574/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2412.442276][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2412.579427][T21866] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2413.006988][T28578] Bluetooth: hci2: command tx timeout
[ 2414.000176][ T1099] smc: removing ib device s
z1
[ 2414.011317][T30804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2414.022556][ T5952] lo speed is unknown, defaulting to 1000
[ 2414.066727][ T5952] 3yz0: Port: 1 Link DOWN
[ 2414.176918][T30971] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 2414.213250][T30973] bridge0: port 3(syz_tun) entered blocking state
[ 2414.237638][T30973] bridge0: port 3(syz_tun) entered disabled state
[ 2414.279986][T30973] syz_tun: entered allmulticast mode
[ 2414.861580][T30804] team0: Port device team_slave_0 added
[ 2414.938351][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 2414.938378][   T30] audit: type=1326 audit(2000000492.159:6584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2415.001894][T30804] team0: Port device team_slave_1 added
[ 2415.080058][   T30] audit: type=1326 audit(2000000492.159:6585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2415.278264][   T30] audit: type=1326 audit(2000000492.169:6586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2415.307156][T30983] loop0: detected capacity change from 0 to 512
[ 2415.358449][T30983] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 2415.369617][   T30] audit: type=1326 audit(2000000492.369:6587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2415.392353][   T30] audit: type=1326 audit(2000000492.369:6588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2415.417481][T30983] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 2415.430148][   T30] audit: type=1326 audit(2000000492.399:6589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2416.094665][T30983] EXT4-fs (loop0): 1 truncate cleaned up
[ 2416.136775][   T30] audit: type=1326 audit(2000000492.399:6590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2416.198301][T30983] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2416.302732][   T30] audit: type=1326 audit(2000000492.399:6591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2416.326992][   T30] audit: type=1326 audit(2000000492.399:6592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2416.350096][   T30] audit: type=1326 audit(2000000492.399:6593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30981 comm="syz.0.7781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f879e38ec23 code=0x7ffc0000
[ 2416.753084][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2416.837724][T31003] loop9: detected capacity change from 0 to 128
[ 2416.952059][T31003] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2416.969199][T31003] ext4 filesystem being mounted at /320/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2417.037045][T30804] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2417.085989][T30804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2417.151035][T30804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2417.169007][T31007] loop0: detected capacity change from 0 to 2048
[ 2417.191537][T25058] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2417.201665][T30804] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2417.213450][T31007]  loop0: p1 < > p4
[ 2417.216783][T30804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2417.282818][T31007] loop0: p4 size 8388608 extends beyond EOD, truncated
[ 2417.320514][T30804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2417.672094][T31015] loop2: detected capacity change from 0 to 256
[ 2417.694675][T31015] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2417.874848][T30804] hsr_slave_0: entered promiscuous mode
[ 2417.912300][T30804] hsr_slave_1: entered promiscuous mode
[ 2417.974785][T30804] debugfs: 'hsr0' already exists in 'hsr'
[ 2417.998767][T30804] Cannot create hsr debugfs directory
[ 2418.204310][T31024] smc: net device bond0 applied user defined pnetid SYZ0
[ 2418.269927][T31025] smc: net device bond0 erased user defined pnetid SYZ0
[ 2418.685720][T31020] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 2418.693725][T31020] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2418.701029][T31020] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 2418.812265][T31020] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 2419.126608][T31041] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7796'.
[ 2419.896689][T31054] usb usb5: usbfs: process 31054 (syz.0.7800) did not claim interface 0 before use
[ 2419.967006][T31055] loop9: detected capacity change from 0 to 128
[ 2420.096431][T31055] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2420.183665][T31055] ext4 filesystem being mounted at /324/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2420.360811][T28578] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2420.469104][T25058] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2420.492508][T31065] loop2: detected capacity change from 0 to 256
[ 2420.506520][   T36] IPVS: stop unused estimator thread 0...
[ 2420.554991][T31065] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2420.757210][T28578] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2420.807209][T31071] loop8: detected capacity change from 0 to 2048
[ 2420.856745][T31071]  loop8: p1 < > p4
[ 2420.869391][T31071] loop8: p4 size 8388608 extends beyond EOD, truncated
[ 2421.173667][T31085] loop8: detected capacity change from 0 to 128
[ 2421.196342][T31085] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2421.240331][T31085] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2421.245436][T31081] netlink: 200 bytes leftover after parsing attributes in process `syz.9.7811'.
[ 2421.445670][T30804] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2421.486156][T30804] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2421.542400][T30804] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2421.564981][T30804] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2421.574912][T31093] loop8: detected capacity change from 0 to 128
[ 2421.634141][T31093] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2421.691083][T30804] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2421.716939][T31093] ext4 filesystem being mounted at /326/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2421.750474][T30804] 8021q: adding VLAN 0 to HW filter on device team0
[ 2421.820393][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2421.827819][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2421.891462][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2421.899052][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2421.974882][T24365] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2422.365937][T31110] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 2422.837136][T28578] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2423.004372][T31124] loop2: detected capacity change from 0 to 2048
[ 2423.019815][T31127] loop6: detected capacity change from 0 to 512
[ 2423.067120][T31127] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2423.076540][T30804] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2423.121556][T31124]  loop2: p1 < > p4
[ 2423.130799][T31124] loop2: p4 size 8388608 extends beyond EOD, truncated
[ 2423.186326][T31127] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2423.313712][T31133] loop8: detected capacity change from 0 to 128
[ 2423.320670][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 3: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[ 2423.355043][T31133] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2423.405233][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 12: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 2423.449606][T31133] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2423.478304][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 13: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 2423.558971][T31142] loop2: detected capacity change from 0 to 128
[ 2423.576882][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 14: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2423.633798][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 15: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2423.634479][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2423.676605][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 16: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 2423.683343][T31142] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2423.701543][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2423.710545][T31127] EXT4-fs error (device loop6): ext4_readdir:262: inode #2: block 17: comm syz.6.7826: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2423.724359][T31142] ext4 filesystem being mounted at /432/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2423.995875][T21866] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1125: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 2424.018461][T23856] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2424.061662][T21866] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2424.465863][T31158] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7833'.
[ 2424.920195][T28578] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2424.946281][T30804] veth0_vlan: entered promiscuous mode
[ 2425.131568][T30804] veth1_vlan: entered promiscuous mode
[ 2425.347801][T31167] netlink: 'syz.0.7837': attribute type 4 has an invalid length.
[ 2425.403472][T30804] veth0_macvtap: entered promiscuous mode
[ 2425.430285][ T5944] lo speed is unknown, defaulting to 1000
[ 2425.458754][T30804] veth1_macvtap: entered promiscuous mode
[ 2425.523675][T30804] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2425.567517][T31173] loop9: detected capacity change from 0 to 512
[ 2425.581664][T30804] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2425.621625][T31173] __quota_error: 18 callbacks suppressed
[ 2425.621657][T31173] Quota error (device loop9): v2_read_file_info: Free block number 1 out of range (1, 6).
[ 2425.682265][T31173] EXT4-fs warning (device loop9): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 2425.697074][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2425.729411][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2425.745712][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2425.760687][T31173] EXT4-fs (loop9): mount failed
[ 2425.791760][   T30] audit: type=1326 audit(2000000502.989:6612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2425.820328][T31178] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7841'.
[ 2425.855566][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2425.896080][   T30] audit: type=1326 audit(2000000502.989:6613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2425.919888][T31178] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7841'.
[ 2425.950732][   T30] audit: type=1326 audit(2000000503.009:6614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.003578][T31186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7843'.
[ 2426.044494][   T30] audit: type=1326 audit(2000000503.019:6615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.106921][   T30] audit: type=1326 audit(2000000503.019:6616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.121640][T31178] team1: entered promiscuous mode
[ 2426.180619][T31178] team1: entered allmulticast mode
[ 2426.195469][   T30] audit: type=1326 audit(2000000503.049:6617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.231870][T31190] loop2: detected capacity change from 0 to 128
[ 2426.301573][T31190] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2426.314480][   T30] audit: type=1326 audit(2000000503.049:6618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.314568][   T30] audit: type=1326 audit(2000000503.049:6619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.314643][   T30] audit: type=1326 audit(2000000503.049:6620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31177 comm="syz.6.7841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f558ebe9 code=0x7ffc0000
[ 2426.337868][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2426.383295][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2426.405944][T18121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2426.430967][T18121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2426.461336][T31190] ext4 filesystem being mounted at /436/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2428.876180][T18122] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2428.876218][T18122] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2429.142368][T31201] loop9: detected capacity change from 0 to 512
[ 2429.426234][T31201] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2429.456327][T23856] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2430.123959][T31201] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2430.309099][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2430.361879][T31216] netlink: 'syz.8.7854': attribute type 4 has an invalid length.
[ 2430.643961][T31224] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7856'.
[ 2430.664438][   T30] kauditd_printk_skb: 44 callbacks suppressed
[ 2430.664467][   T30] audit: type=1326 audit(2000000507.889:6665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2430.719717][T31224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7856'.
[ 2430.765647][   T30] audit: type=1326 audit(2000000507.919:6666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2430.787878][T31224] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7856'.
[ 2430.830129][   T30] audit: type=1326 audit(2000000507.949:6667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2430.863195][T31224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7856'.
[ 2430.889092][   T30] audit: type=1326 audit(2000000507.949:6668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2430.929368][T31224] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7856'.
[ 2430.964560][   T30] audit: type=1326 audit(2000000507.949:6669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2431.019512][   T30] audit: type=1326 audit(2000000507.949:6670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2431.077802][T31231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7859'.
[ 2431.098249][   T30] audit: type=1326 audit(2000000507.969:6671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2431.144881][   T30] audit: type=1326 audit(2000000507.969:6672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31219 comm="syz.9.7855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2431.233756][   T30] audit: type=1326 audit(2000000508.299:6673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31230 comm="syz.2.7859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6118ebe9 code=0x7ffc0000
[ 2431.425796][   T30] audit: type=1326 audit(2000000508.299:6674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31230 comm="syz.2.7859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a6118ebe9 code=0x7ffc0000
[ 2431.976985][T31242] loop8: detected capacity change from 0 to 512
[ 2432.026826][T31242] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2432.112664][T31242] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.7861: Failed to acquire dquot type 1
[ 2432.127074][T31242] EXT4-fs (loop8): 1 truncate cleaned up
[ 2432.129141][T31242] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2432.250222][T31254] netlink: 24 bytes leftover after parsing attributes in process `syz.6.7849'.
[ 2432.250270][T31254] netlink: 252 bytes leftover after parsing attributes in process `syz.6.7849'.
[ 2432.278632][T31256] loop7: detected capacity change from 0 to 256
[ 2432.302963][T31242] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2432.323870][T31256] FAT-fs (loop7): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2433.123325][T31279] siw: device registration error -23
[ 2433.617911][T31286] loop2: detected capacity change from 0 to 512
[ 2433.637911][T31286] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2433.715048][T31286] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2433.776898][T31297] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7885'.
[ 2433.790860][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 3: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[ 2433.865163][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 12: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 2433.926956][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 13: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 2434.018334][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 14: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2434.058311][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 15: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2434.087978][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 16: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 2434.122400][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 17: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2434.147259][T31286] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.7881: lblock 23 mapped to illegal pblock 18 (length 1)
[ 2434.185485][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 19: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2434.248463][T31286] EXT4-fs error (device loop2): ext4_readdir:262: inode #2: block 20: comm syz.2.7881: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[ 2434.364558][T31311] loop0: detected capacity change from 0 to 512
[ 2434.418142][T31311] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.7890: bg 0: block 131: padding at end of block bitmap is not set
[ 2434.477932][T31311] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2434.505076][T31311] EXT4-fs (loop0): 1 truncate cleaned up
[ 2434.543348][T31311] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2434.565115][T23856] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1125: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 2434.619929][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2434.740442][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2434.789123][T31297] team0 (unregistering): Port device team_slave_0 removed
[ 2434.817157][T31297] team0 (unregistering): Port device team_slave_1 removed
[ 2434.917846][T31317] tipc: Started in network mode
[ 2434.923096][T31317] tipc: Node identity ce27ba91e3bb, cluster identity 4711
[ 2434.930990][T31317] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2434.953514][T31327] netlink: 256 bytes leftover after parsing attributes in process `syz.0.7896'.
[ 2434.980693][T31327] ksmbd: Unknown IPC event: 3, ignore.
[ 2435.005169][T31314] tipc: Disabling bearer <eth:syzkaller0>
[ 2435.203119][T31331] loop2: detected capacity change from 0 to 1024
[ 2435.247869][T31331] EXT4-fs: Ignoring removed bh option
[ 2435.255176][T31331] EXT4-fs: inline encryption not supported
[ 2435.337483][T31331] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 2435.394292][T31331] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[ 2435.492000][T31331] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.7897: lblock 2 mapped to illegal pblock 2 (length 1)
[ 2435.518177][T31343] 9pnet_fd: Insufficient options for proto=fd
[ 2435.567638][T31331] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.7897: lblock 0 mapped to illegal pblock 48 (length 1)
[ 2435.653878][T31331] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.7897: Failed to acquire dquot type 0
[ 2435.676208][T31352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7905'.
[ 2435.733546][T31331] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[ 2435.772484][T31331] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.7897: mark_inode_dirty error
[ 2435.819334][T31331] EXT4-fs warning (device loop2): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[ 2435.837514][T31356] loop8: detected capacity change from 0 to 512
[ 2435.839632][T31355] loop7: detected capacity change from 0 to 512
[ 2435.852278][T31331] EXT4-fs (loop2): 1 orphan inode deleted
[ 2435.878046][ T1099] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[ 2435.893923][T31355] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2435.896064][T31356] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.7908: bg 0: block 131: padding at end of block bitmap is not set
[ 2435.928938][T31331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2435.958542][ T1099] __quota_error: 22 callbacks suppressed
[ 2435.958570][ T1099] Quota error (device loop2): remove_tree: Can't read quota data block 1
[ 2435.974000][T31356] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2435.983089][ T1099] EXT4-fs error (device loop2): ext4_release_dquot:6971: comm kworker/u8:6: Failed to release dquot type 0
[ 2435.999859][T31356] EXT4-fs (loop8): 1 truncate cleaned up
[ 2436.008840][T31355] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2436.011989][T31356] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2436.042953][T31331] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2436.068167][T31331] EXT4-fs error (device loop2): __ext4_get_inode_loc:4860: comm syz.2.7897: Invalid inode table block 1 in block_group 0
[ 2436.131212][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 3: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[ 2436.150937][T31331] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[ 2436.189497][T31331] EXT4-fs error (device loop2): ext4_quota_off:7221: inode #3: comm syz.2.7897: mark_inode_dirty error
[ 2436.207362][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 12: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 2436.312310][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 13: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 2436.336364][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2436.397539][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 14: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2436.470982][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 15: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2436.539578][T31355] EXT4-fs error (device loop7): ext4_readdir:262: inode #2: block 16: comm syz.7.7907: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 2436.848567][T31376] loop2: detected capacity change from 0 to 128
[ 2436.879223][T31376] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[ 2437.001630][T30804] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1125: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 2437.274638][T31376] ext4 filesystem being mounted at /447/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 2437.602896][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2438.014704][T23856] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2438.382561][T17129] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2438.388535][T31400] netlink: 52 bytes leftover after parsing attributes in process `syz.7.7923'.
[ 2438.417472][T17129] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2438.464058][T17129] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2438.476060][T31400] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7923'.
[ 2438.495216][T31400] netlink: 52 bytes leftover after parsing attributes in process `syz.7.7923'.
[ 2438.505429][T17129] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2438.518711][T31400] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7923'.
[ 2438.532182][T31400] netlink: 52 bytes leftover after parsing attributes in process `syz.7.7923'.
[ 2438.544423][T17129] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2438.737963][T21866] syz_tun (unregistering): left allmulticast mode
[ 2438.764273][T21866] bridge0: port 3(syz_tun) entered disabled state
[ 2438.815818][T31415] netlink: 'syz.9.7924': attribute type 4 has an invalid length.
[ 2439.207255][T31397] lo speed is unknown, defaulting to 1000
[ 2439.219675][T31397] lo speed is unknown, defaulting to 1000
[ 2439.499171][T31428] loop0: detected capacity change from 0 to 256
[ 2439.537508][T31428] FAT-fs (loop0): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2439.933300][   T30] audit: type=1326 audit(2000000517.159:6693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.044712][   T30] audit: type=1326 audit(2000000517.159:6694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.121623][   T30] audit: type=1326 audit(2000000517.159:6695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.208967][   T30] audit: type=1326 audit(2000000517.159:6696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.232709][   T30] audit: type=1326 audit(2000000517.159:6697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.256994][   T30] audit: type=1326 audit(2000000517.159:6698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.281079][   T30] audit: type=1326 audit(2000000517.159:6699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.305081][   T30] audit: type=1326 audit(2000000517.159:6700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.328172][   T30] audit: type=1326 audit(2000000517.169:6701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31440 comm="syz.9.7936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2440.530165][ T1099] bridge_slave_1: left allmulticast mode
[ 2440.560867][ T1099] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2440.604124][T28578] Bluetooth: hci4: command tx timeout
[ 2440.625739][ T1099] bridge_slave_0: left allmulticast mode
[ 2440.662842][ T1099] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2440.826303][T31456] netlink: 'syz.8.7940': attribute type 4 has an invalid length.
[ 2441.095837][T31465] loop0: detected capacity change from 0 to 1024
[ 2441.235618][T31465] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[ 2441.310446][T31465] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2441.345700][T31469] loop7: detected capacity change from 0 to 512
[ 2441.386561][T31469] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 2441.421482][   T30] kauditd_printk_skb: 14 callbacks suppressed
[ 2441.421516][   T30] audit: type=1800 audit(2000000518.649:6716): pid=31465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7943" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 2441.491082][T31469] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002]
[ 2441.510782][T31469] System zones: 1-12
[ 2441.515530][T31469] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 2441.551471][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[ 2441.575521][T31469] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.7944: bg 0: block 361: padding at end of block bitmap is not set
[ 2441.669693][T31469] EXT4-fs (loop7): Remounting filesystem read-only
[ 2441.682831][T31469] EXT4-fs (loop7): 1 truncate cleaned up
[ 2441.691791][T31469] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 2441.739515][T31475] 9pnet_fd: Insufficient options for proto=fd
[ 2441.854798][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 2442.324716][ T1099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2442.340619][ T1099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2442.351812][ T1099] bond0 (unregistering): Released all slaves
[ 2442.376349][ T1099] bond1 (unregistering): Released all slaves
[ 2442.436895][T31397] chnl_net:caif_netlink_parms(): no params data found
[ 2442.681995][T28578] Bluetooth: hci4: command tx timeout
[ 2443.075613][T31397] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2443.096945][T31397] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2443.125390][T31397] bridge_slave_0: entered allmulticast mode
[ 2443.145064][T31397] bridge_slave_0: entered promiscuous mode
[ 2443.183707][T31498] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7953'.
[ 2443.208261][T31498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7953'.
[ 2443.227925][T31498] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7953'.
[ 2443.260163][T31498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7953'.
[ 2443.277315][T31500] 9pnet_virtio: no channels available for device 127.0.0.1
[ 2443.287327][T31397] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2443.304104][T31498] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7953'.
[ 2443.308859][T31397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2443.354989][T31503] loop9: detected capacity change from 0 to 256
[ 2443.364049][T31397] bridge_slave_1: entered allmulticast mode
[ 2443.375985][T31397] bridge_slave_1: entered promiscuous mode
[ 2443.390253][T31503] FAT-fs (loop9): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2443.465349][T31505] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7956'.
[ 2443.546970][   T30] audit: type=1326 audit(2000000520.769:6717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2443.622922][   T30] audit: type=1326 audit(2000000520.769:6718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2443.669338][T31397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2443.738016][   T30] audit: type=1326 audit(2000000520.779:6719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f57af18d550 code=0x7ffc0000
[ 2443.741633][T31397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2443.827057][   T30] audit: type=1326 audit(2000000520.779:6720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2443.936919][   T30] audit: type=1326 audit(2000000520.779:6721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2444.072338][   T30] audit: type=1326 audit(2000000520.779:6722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2444.096551][   T30] audit: type=1326 audit(2000000520.779:6723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2444.120316][   T30] audit: type=1326 audit(2000000520.779:6724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2444.144142][   T30] audit: type=1326 audit(2000000520.779:6725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31506 comm="syz.7.7957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2444.774190][T28578] Bluetooth: hci4: command tx timeout
[ 2444.882358][T31511] loop2: detected capacity change from 0 to 2048
[ 2444.928203][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2444.986020][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2445.000802][T31511]  loop2: p1 < > p4
[ 2445.015600][T31522] netlink: 'syz.7.7960': attribute type 4 has an invalid length.
[ 2445.052300][T31511] loop2: p4 size 8388608 extends beyond EOD, truncated
[ 2445.832901][T31537] loop2: detected capacity change from 0 to 128
[ 2445.848920][T31537] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2445.871253][T31537] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2446.104958][T31539] loop8: detected capacity change from 0 to 512
[ 2446.141857][T31539] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2446.202652][T31539] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2446.347146][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 3: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[ 2446.403482][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 12: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 2446.424789][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2446.444350][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 13: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 2446.502632][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 14: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2446.532267][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 15: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2446.602423][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 16: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 2446.629451][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 17: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 2446.655151][T31539] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #2: block 18: comm syz.8.7968: lblock 23 mapped to illegal pblock 18 (length 1)
[ 2446.679519][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 19: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 2446.715549][T31539] EXT4-fs error (device loop8): ext4_readdir:262: inode #2: block 20: comm syz.8.7968: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[ 2446.939858][T28578] Bluetooth: hci4: command tx timeout
[ 2446.982288][T24365] EXT4-fs warning (device loop8): ext4_update_dynamic_rev:1125: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 2447.010851][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2447.226545][T31516] lo speed is unknown, defaulting to 1000
[ 2447.234327][T31516] lo speed is unknown, defaulting to 1000
[ 2447.287604][T31550] IPVS: stopping master sync thread 31553 ...
[ 2447.357908][T31552] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 2447.410780][T31397] team0: Port device team_slave_0 added
[ 2447.510891][T31397] team0: Port device team_slave_1 added
[ 2447.552362][T31558] sg_read: process 55 (syz.7.7972) changed security contexts after opening file descriptor, this is not allowed.
[ 2447.726383][T31397] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2447.759958][T31397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2447.787681][T31397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2447.808089][T31562] loop2: detected capacity change from 0 to 512
[ 2447.813860][T31397] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2447.828089][T31397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2447.881790][T31397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2447.924074][T31562] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.7973: casefold flag without casefold feature
[ 2447.954296][T31562] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.7973: couldn't read orphan inode 15 (err -117)
[ 2448.001371][T31562] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2448.166516][T31397] hsr_slave_0: entered promiscuous mode
[ 2448.178994][T31397] hsr_slave_1: entered promiscuous mode
[ 2448.202970][T31397] debugfs: 'hsr0' already exists in 'hsr'
[ 2448.215259][T31397] Cannot create hsr debugfs directory
[ 2448.273908][T31568] loop8: detected capacity change from 0 to 512
[ 2448.322450][T31568] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.7975: bg 0: block 131: padding at end of block bitmap is not set
[ 2448.347627][T31568] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2448.387597][T31568] EXT4-fs (loop8): 1 truncate cleaned up
[ 2448.407382][T31568] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2448.495480][ T1099] IPVS: stop unused estimator thread 0...
[ 2448.623830][T31573] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7977'.
[ 2448.655175][T31573] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7977'.
[ 2448.682547][T31573] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7977'.
[ 2448.719340][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2448.738448][T31573] netlink: 12 bytes leftover after parsing attributes in process `syz.9.7977'.
[ 2448.769425][T31573] netlink: 52 bytes leftover after parsing attributes in process `syz.9.7977'.
[ 2448.934672][T31580] loop0: detected capacity change from 0 to 128
[ 2448.963577][T31580] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2448.964713][T31581] loop8: detected capacity change from 0 to 1024
[ 2448.984395][T31580] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2449.019902][T31581] EXT4-fs: Ignoring removed bh option
[ 2449.025531][T31581] EXT4-fs: Ignoring removed bh option
[ 2449.117153][T31581] EXT4-fs: Mount option(s) incompatible with ext2
[ 2449.278136][T31581] loop8: detected capacity change from 0 to 512
[ 2449.290549][T31581] EXT4-fs (loop8): orphan cleanup on readonly fs
[ 2449.319177][T31581] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.7978: bg 0: block 248: padding at end of block bitmap is not set
[ 2449.350858][T31581] __quota_error: 47 callbacks suppressed
[ 2449.350887][T31581] Quota error (device loop8): write_blk: dquota write failed
[ 2449.366494][T31581] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota
[ 2449.377236][T31581] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.7978: Failed to acquire dquot type 1
[ 2449.392189][T31581] EXT4-fs (loop8): 1 truncate cleaned up
[ 2449.411683][T31581] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 2449.575967][T31581] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 2449.595941][T31581] tipc: Enabled bearer <udp:syz0>, priority 10
[ 2449.779240][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2449.879421][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2450.151341][T31598] siw: device registration error -23
[ 2450.166817][T31594] netlink: 'syz.2.7983': attribute type 4 has an invalid length.
[ 2450.191909][T31397] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 2450.268060][T31397] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 2450.318532][T31397] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 2450.373164][T31397] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 2450.471548][T31604] loop9: detected capacity change from 0 to 512
[ 2450.550524][T31604] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.7989: bg 0: block 131: padding at end of block bitmap is not set
[ 2450.581258][T31604] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2450.591356][T31604] EXT4-fs (loop9): 1 truncate cleaned up
[ 2450.599321][T31604] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2450.682624][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2450.825550][T31397] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2450.915727][T31397] 8021q: adding VLAN 0 to HW filter on device team0
[ 2450.964846][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2450.972810][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2451.034833][T25406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2451.042140][T25406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2451.122265][   T30] audit: type=1326 audit(2000000528.339:6773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.156000][   T30] audit: type=1326 audit(2000000528.379:6774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.232680][   T30] audit: type=1326 audit(2000000528.379:6775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.312656][   T30] audit: type=1326 audit(2000000528.379:6776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.525834][   T30] audit: type=1326 audit(2000000528.739:6777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.621607][   T30] audit: type=1326 audit(2000000528.739:6778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31627 comm="syz.9.7996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2451.816926][T31644] netlink: 'syz.9.8001': attribute type 4 has an invalid length.
[ 2451.930976][T31646] netlink: 'syz.8.8000': attribute type 4 has an invalid length.
[ 2452.028565][T27835] lo speed is unknown, defaulting to 1000
[ 2452.045879][T27835] syz2: Port: 1 Link DOWN
[ 2452.165103][T31397] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2452.472415][T31658] usb usb5: usbfs: process 31658 (syz.7.8006) did not claim interface 0 before use
[ 2452.655402][T31661] loop9: detected capacity change from 0 to 512
[ 2452.670832][T31661] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2452.678016][T31661] ext4: Unknown parameter 'obj_type'
[ 2452.922813][T31661] lo speed is unknown, defaulting to 1000
[ 2452.944013][T31661] lo speed is unknown, defaulting to 1000
[ 2453.573692][   T30] audit: type=1326 audit(2000000530.799:6779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31665 comm="syz.0.8008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2453.637527][   T30] audit: type=1326 audit(2000000530.799:6780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31665 comm="syz.0.8008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f879e38d550 code=0x7ffc0000
[ 2453.975807][T31678] bridge_slave_0: left allmulticast mode
[ 2454.030733][T31678] bridge_slave_0: left promiscuous mode
[ 2454.072344][T31678] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2454.196120][T31678] bridge_slave_1: left allmulticast mode
[ 2454.242412][T31678] bridge_slave_1: left promiscuous mode
[ 2454.293928][T31678] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2455.277568][T31678] bond0: (slave bond_slave_0): Releasing backup interface
[ 2455.345699][T31678] bond0: (slave bond_slave_1): Releasing backup interface
[ 2455.400607][T31678] team0: Port device team_slave_0 removed
[ 2455.445020][T31678] team0: Port device team_slave_1 removed
[ 2455.455051][T31690] netlink: 'syz.2.8015': attribute type 4 has an invalid length.
[ 2455.474102][T31678] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2455.498779][T31678] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2455.532024][T31678] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2455.558383][T31678] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2456.056135][   T30] kauditd_printk_skb: 3 callbacks suppressed
[ 2456.056163][   T30] audit: type=1326 audit(2000000533.279:6784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.072352][T31703] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8020'.
[ 2456.145868][   T30] audit: type=1326 audit(2000000533.279:6785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.260637][T31703] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8020'.
[ 2456.266728][   T30] audit: type=1326 audit(2000000533.289:6786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.271965][T31397] veth0_vlan: entered promiscuous mode
[ 2456.353627][   T30] audit: type=1326 audit(2000000533.289:6787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.391009][   T30] audit: type=1326 audit(2000000533.289:6788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.476076][T31397] veth1_vlan: entered promiscuous mode
[ 2456.508826][   T30] audit: type=1326 audit(2000000533.289:6789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.605507][   T30] audit: type=1326 audit(2000000533.289:6790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.656185][T31397] veth0_macvtap: entered promiscuous mode
[ 2456.696121][T31397] veth1_macvtap: entered promiscuous mode
[ 2456.718196][   T30] audit: type=1326 audit(2000000533.289:6791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.796454][T31716] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8024'.
[ 2456.810871][T31397] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2456.834671][   T30] audit: type=1326 audit(2000000533.289:6792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.891510][   T30] audit: type=1326 audit(2000000533.289:6793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31702 comm="syz.7.8020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57af18ebe9 code=0x7ffc0000
[ 2456.895816][T31397] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2457.067359][ T1032] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2457.107291][ T1032] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2457.152595][ T1032] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2457.199605][ T1032] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2457.570035][ T6094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2457.626702][ T6094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2457.947580][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2457.976723][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2458.722713][T31739] netlink: 28 bytes leftover after parsing attributes in process `syz.9.8034'.
[ 2459.384779][T31746] loop7: detected capacity change from 0 to 512
[ 2459.444509][T31746] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 2459.507335][T31746] EXT4-fs (loop7): 1 truncate cleaned up
[ 2459.537696][T31746] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2460.176543][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2460.227811][T31762] siw: device registration error -23
[ 2460.419672][T31766] loop7: detected capacity change from 0 to 512
[ 2460.428634][T31766] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 2460.483635][T31766] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842e02c, mo2=0002]
[ 2460.507026][T31766] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 2460.537937][T31766] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.8042: bg 0: block 361: padding at end of block bitmap is not set
[ 2460.644869][T31766] EXT4-fs (loop7): Remounting filesystem read-only
[ 2460.685451][T31766] EXT4-fs (loop7): 1 truncate cleaned up
[ 2460.715150][T31766] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 2460.966076][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 2461.106968][T31786] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8051'.
[ 2461.189502][T31786] IPVS: Error joining to the multicast group
[ 2461.200781][T31790] loop7: detected capacity change from 0 to 128
[ 2461.237677][T31790] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2461.268520][T31790] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2461.476486][   T30] kauditd_printk_skb: 47 callbacks suppressed
[ 2461.476516][   T30] audit: type=1326 audit(2000000538.699:6841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2461.531827][T31797] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8056'.
[ 2461.550015][T31797] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8056'.
[ 2461.559493][   T30] audit: type=1326 audit(2000000538.759:6842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2461.582319][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2461.695608][   T30] audit: type=1326 audit(2000000538.759:6843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2461.718589][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2461.772203][   T30] audit: type=1326 audit(2000000538.759:6844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2461.856842][T31812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8058'.
[ 2461.917053][   T30] audit: type=1326 audit(2000000538.759:6845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.026836][   T30] audit: type=1326 audit(2000000538.759:6846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.049333][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2462.117522][   T30] audit: type=1326 audit(2000000538.759:6847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.316743][   T30] audit: type=1326 audit(2000000538.759:6848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.419172][   T30] audit: type=1326 audit(2000000538.759:6849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.493551][   T30] audit: type=1326 audit(2000000538.759:6850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31796 comm="syz.9.8056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2462.517574][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2462.839431][T31835] loop9: detected capacity change from 0 to 512
[ 2462.895399][T31835] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.8070: bg 0: block 131: padding at end of block bitmap is not set
[ 2462.925880][T31835] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2462.928698][T31835] EXT4-fs (loop9): 1 truncate cleaned up
[ 2462.930908][T31835] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2463.026014][T31843] loop6: detected capacity change from 0 to 128
[ 2463.071170][T31843] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 2463.078629][T31843] ext4 filesystem being mounted at /9/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 2463.092679][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2464.571060][T31397] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2464.834455][T31869] loop6: detected capacity change from 0 to 1024
[ 2464.895620][T31869] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 2464.939435][T31874] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8082'.
[ 2464.962977][T31879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8081'.
[ 2465.016168][T31869] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2465.201980][T31884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8084'.
[ 2465.222108][T31397] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2465.435382][T31888] loop7: detected capacity change from 0 to 512
[ 2465.467654][T31888] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[ 2465.514676][T31888] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.8085: bad orphan inode 6
[ 2465.552841][T31888] EXT4-fs (loop7): Remounting filesystem read-only
[ 2465.579767][T31888] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2465.724640][T31894] loop6: detected capacity change from 0 to 128
[ 2465.734690][T31894] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2465.751995][T31894] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2465.762669][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2465.865169][T31898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8090'.
[ 2465.986389][T31901] tipc: Started in network mode
[ 2466.012822][T31901] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 2466.035087][T31902] netlink: 44 bytes leftover after parsing attributes in process `syz.0.8092'.
[ 2466.059109][T31901] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 2466.118631][T31901] tipc: Enabled bearer <udp:syz0>, priority 10
[ 2466.484144][T31917] usb usb5: usbfs: process 31917 (syz.8.8099) did not claim interface 0 before use
[ 2466.485095][T31906] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2466.760486][T31906] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2466.783689][   T30] kauditd_printk_skb: 25 callbacks suppressed
[ 2466.783717][   T30] audit: type=1326 audit(2000000544.009:6876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2466.875973][   T30] audit: type=1326 audit(2000000544.049:6877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2466.932524][   T30] audit: type=1326 audit(2000000544.049:6878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.030883][   T30] audit: type=1326 audit(2000000544.049:6879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.112140][T31906] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2467.148854][   T30] audit: type=1326 audit(2000000544.049:6880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.235788][   T30] audit: type=1326 audit(2000000544.059:6881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.259779][T14788] tipc: Node number set to 1
[ 2467.319199][   T30] audit: type=1326 audit(2000000544.059:6882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.384726][   T30] audit: type=1326 audit(2000000544.089:6883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.446170][   T30] audit: type=1326 audit(2000000544.089:6884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.489879][   T30] audit: type=1326 audit(2000000544.089:6885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31919 comm="syz.8.8100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2467.524368][T31933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8103'.
[ 2467.547932][T31906] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2468.016466][T31941] netlink: '+}[@': attribute type 1 has an invalid length.
[ 2468.078376][T31942] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8105'.
[ 2468.229865][T31941] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2468.288107][T18122] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2468.565995][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2469.231493][T31942] bond1 (unregistering): Released all slaves
[ 2469.339767][T25406] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.384001][T31958] loop6: detected capacity change from 0 to 256
[ 2469.539211][   T59] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.570678][   T59] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2469.769923][T31968] netlink: 52 bytes leftover after parsing attributes in process `syz.9.8116'.
[ 2469.796878][T31968] netlink: 12 bytes leftover after parsing attributes in process `syz.9.8116'.
[ 2469.826102][T31968] netlink: 52 bytes leftover after parsing attributes in process `syz.9.8116'.
[ 2469.883874][T31968] netlink: 12 bytes leftover after parsing attributes in process `syz.9.8116'.
[ 2469.927205][T31968] netlink: 52 bytes leftover after parsing attributes in process `syz.9.8116'.
[ 2470.041182][T31979] 9pnet_fd: Insufficient options for proto=fd
[ 2470.614832][T31989] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8123'.
[ 2470.693753][T31999] netlink: 'syz.0.8123': attribute type 10 has an invalid length.
[ 2470.773903][T31999] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8123'.
[ 2470.860744][T32002] loop8: detected capacity change from 0 to 512
[ 2470.917605][T31999] team0: Port device geneve0 added
[ 2470.934220][T32002] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2470.987405][T32002] ext4 filesystem being mounted at /386/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2471.134615][T32002] EXT4-fs error (device loop8): ext4_empty_dir:3080: inode #12: comm syz.8.8128: Directory hole found for htree leaf block 0
[ 2471.277024][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2471.815805][T32034] netlink: 44 bytes leftover after parsing attributes in process `syz.9.8140'.
[ 2471.853033][T32035] netlink: 'syz.6.8141': attribute type 3 has an invalid length.
[ 2472.213659][T32040] loop7: detected capacity change from 0 to 512
[ 2472.532183][T32040] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.8143: bg 0: block 131: padding at end of block bitmap is not set
[ 2472.895888][T32040] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2472.976418][T32040] EXT4-fs (loop7): 1 truncate cleaned up
[ 2473.044488][T32040] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2473.129772][T32055] loop9: detected capacity change from 0 to 512
[ 2473.212727][T32055] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.8145: bg 0: block 131: padding at end of block bitmap is not set
[ 2473.281528][T32055] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2473.298836][T32059] loop8: detected capacity change from 0 to 512
[ 2473.306219][T32055] EXT4-fs (loop9): 1 truncate cleaned up
[ 2473.338223][T32055] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2473.381867][T32059] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 2473.436072][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2473.513176][   T30] kauditd_printk_skb: 56 callbacks suppressed
[ 2473.513206][   T30] audit: type=1326 audit(2000000550.739:6942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2473.680710][T32059] EXT4-fs (loop8): 1 truncate cleaned up
[ 2473.745540][T32059] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2473.818154][   T30] audit: type=1326 audit(2000000550.779:6943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2473.899271][T32059] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2475.036963][   T30] audit: type=1326 audit(2000000550.829:6944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.110780][   T30] audit: type=1326 audit(2000000550.829:6945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.244890][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2475.266762][   T30] audit: type=1326 audit(2000000550.829:6946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.378123][   T30] audit: type=1326 audit(2000000550.829:6947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.406240][   T30] audit: type=1326 audit(2000000550.829:6948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.434193][   T30] audit: type=1326 audit(2000000550.829:6949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.546268][   T30] audit: type=1326 audit(2000000550.829:6950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.569444][   T30] audit: type=1326 audit(2000000550.859:6951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32043 comm="syz.9.8145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2475.749637][T32082] loop9: detected capacity change from 0 to 1024
[ 2475.777883][T32082] EXT4-fs: Ignoring removed orlov option
[ 2475.814905][T32082] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2476.074412][T32089] __nla_validate_parse: 1 callbacks suppressed
[ 2476.074440][T32089] netlink: 44 bytes leftover after parsing attributes in process `syz.0.8157'.
[ 2476.198634][T32092] netlink: 'syz.8.8158': attribute type 4 has an invalid length.
[ 2476.654901][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2477.017005][T32109] netlink: 200 bytes leftover after parsing attributes in process `syz.9.8164'.
[ 2477.408691][T32119] siw: device registration error -23
[ 2477.526139][T32124] netlink: 44 bytes leftover after parsing attributes in process `syz.8.8172'.
[ 2477.739603][T32132] 9pnet_fd: Insufficient options for proto=fd
[ 2477.805955][T32131] loop7: detected capacity change from 0 to 1024
[ 2477.847908][T32131] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 2477.917093][T32131] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2478.648789][T32154] loop0: detected capacity change from 0 to 512
[ 2478.733519][T32154] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.8183: bg 0: block 131: padding at end of block bitmap is not set
[ 2478.769880][T32154] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2478.788173][T32154] EXT4-fs (loop0): 1 truncate cleaned up
[ 2478.798722][T32154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2479.191148][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2479.691317][T32173] $Hÿ: renamed from bond0 (while UP)
[ 2479.739484][T32173] $Hÿ: entered promiscuous mode
[ 2479.745022][T32173] bond_slave_0: entered promiscuous mode
[ 2479.768140][T32173] bond_slave_1: entered promiscuous mode
[ 2479.789465][T32173] dummy0: entered promiscuous mode
[ 2479.850356][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2479.889958][T32179] 9pnet_fd: Insufficient options for proto=fd
[ 2480.175575][   T30] kauditd_printk_skb: 22 callbacks suppressed
[ 2480.175604][   T30] audit: type=1326 audit(2000000557.399:6974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.316987][   T30] audit: type=1326 audit(2000000557.439:6975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.359462][T32192] usb usb5: usbfs: process 32192 (syz.6.8200) did not claim interface 0 before use
[ 2480.404676][   T30] audit: type=1326 audit(2000000557.469:6976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2fa78d550 code=0x7ffc0000
[ 2480.440510][   T30] audit: type=1326 audit(2000000557.469:6977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.496907][   T30] audit: type=1326 audit(2000000557.469:6978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.570838][   T30] audit: type=1326 audit(2000000557.479:6979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.615807][   T30] audit: type=1326 audit(2000000557.479:6980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2480.680751][T32197] loop9: detected capacity change from 0 to 512
[ 2480.817597][T32197] EXT4-fs error (device loop9): ext4_validate_block_bitmap:440: comm syz.9.8202: bg 0: block 131: padding at end of block bitmap is not set
[ 2480.884594][T32197] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2480.932345][T32199] loop8: detected capacity change from 0 to 8192
[ 2480.954450][T32197] EXT4-fs (loop9): 1 truncate cleaned up
[ 2480.975543][T32197] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2481.020323][   T30] audit: type=1326 audit(2000000557.479:6981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32186 comm="syz.9.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2481.697184][T32212] netlink: 'syz.7.8208': attribute type 4 has an invalid length.
[ 2482.099322][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2482.143281][T32224] 9pnet_fd: Insufficient options for proto=fd
[ 2482.733204][T32234] loop7: detected capacity change from 0 to 8192
[ 2483.298633][   T30] audit: type=1800 audit(2000000560.529:6982): pid=32249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.8214" name="file1" dev="loop7" ino=1049636 res=0 errno=0
[ 2484.551292][T32271] netlink: 44 bytes leftover after parsing attributes in process `syz.8.8228'.
[ 2484.717177][T32275] 9pnet_fd: Insufficient options for proto=fd
[ 2484.806008][T32281] loop7: detected capacity change from 0 to 128
[ 2484.867545][T32281] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2484.931205][T32281] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2485.511770][T32298] siw: device registration error -23
[ 2485.536926][   T30] audit: type=1326 audit(2000000562.759:6983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2485.560961][T32299] loop8: detected capacity change from 0 to 1024
[ 2485.569507][T32299] EXT4-fs: Ignoring removed orlov option
[ 2485.614040][   T30] audit: type=1326 audit(2000000562.759:6984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2485.681557][   T30] audit: type=1326 audit(2000000562.759:6985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2485.779073][   T30] audit: type=1326 audit(2000000562.759:6986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2485.782348][T32305] netlink: 24 bytes leftover after parsing attributes in process `syz.9.8241'.
[ 2485.801976][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2485.885386][   T30] audit: type=1326 audit(2000000562.759:6987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2486.005137][T32299] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2486.043038][   T30] audit: type=1326 audit(2000000562.759:6988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2486.099015][   T30] audit: type=1326 audit(2000000562.759:6989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2486.123250][   T30] audit: type=1326 audit(2000000562.759:6990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2486.153736][   T30] audit: type=1326 audit(2000000562.759:6991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2486.396745][   T30] audit: type=1326 audit(2000000562.759:6992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32291 comm="syz.8.8237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5d9cb8ec23 code=0x7ffc0000
[ 2487.052442][T32322] netlink: 44 bytes leftover after parsing attributes in process `syz.9.8245'.
[ 2487.328633][T24365] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2487.734248][T32339] loop0: detected capacity change from 0 to 128
[ 2487.762906][T32339] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2487.878653][T32339] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2487.973604][T32346] loop2: detected capacity change from 0 to 1024
[ 2488.063952][T32346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2488.237670][T32332] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8250'.
[ 2488.264393][T32350] loop9: detected capacity change from 0 to 2048
[ 2488.406091][T32350] Alternate GPT is invalid, using primary GPT.
[ 2488.437984][T32350]  loop9: p2 p3 p7
[ 2488.906367][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2488.976502][T32370] usb usb5: usbfs: process 32370 (syz.9.8265) did not claim interface 0 before use
[ 2489.085213][T32374] netlink: 14 bytes leftover after parsing attributes in process `syz.0.8267'.
[ 2489.298563][T32380] netlink: 52 bytes leftover after parsing attributes in process `syz.6.8269'.
[ 2489.321445][T32380] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8269'.
[ 2489.346387][T32380] netlink: 52 bytes leftover after parsing attributes in process `syz.6.8269'.
[ 2489.370517][T32380] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8269'.
[ 2489.412673][T32380] netlink: 52 bytes leftover after parsing attributes in process `syz.6.8269'.
[ 2489.487881][T32385] loop0: detected capacity change from 0 to 128
[ 2489.524728][T32385] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2489.576453][T32385] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2489.803994][T32393] loop7: detected capacity change from 0 to 256
[ 2489.812812][T32391] loop2: detected capacity change from 0 to 128
[ 2489.842303][T32391] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[ 2489.861487][T32393] FAT-fs (loop7): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2490.010663][T32391] FAT-fs (loop2): FAT read failed (blocknr 128)
[ 2490.275971][T32405] loop0: detected capacity change from 0 to 2048
[ 2490.318475][T32408] loop8: detected capacity change from 0 to 512
[ 2490.327059][T32409] usb usb5: usbfs: process 32409 (syz.2.8282) did not claim interface 0 before use
[ 2490.385441][T32408] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2490.411594][T32405] Alternate GPT is invalid, using primary GPT.
[ 2490.426083][T32408] ext4 filesystem being mounted at /419/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2490.444997][T32414] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8284'.
[ 2490.466923][T32405]  loop0: p2 p3 p7
[ 2490.618295][T32419] loop2: detected capacity change from 0 to 512
[ 2490.703714][T32408] loop8: detected capacity change from 512 to 0
[ 2490.722488][T32423] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2490.734185][T32419] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2490.810319][T32419] ext4 filesystem being mounted at /511/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 2490.843387][    C0] I/O error, dev loop8, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[ 2490.853139][    C0] I/O error, dev loop8, sector 0 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[ 2490.863402][    C0] buffer_io_error: 43 callbacks suppressed
[ 2490.863425][    C0] Buffer I/O error on dev loop8, logical block 0, lost sync page write
[ 2490.877968][T32423] EXT4-fs (loop8): I/O error while writing superblock
[ 2490.935136][    C0] I/O error, dev loop8, sector 48 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2
[ 2490.945736][    C0] Buffer I/O error on dev loop8, logical block 12, lost sync page write
[ 2490.967365][T32419] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.8285: corrupted inode contents
[ 2491.000514][T32419] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.8285: mark_inode_dirty error
[ 2491.040340][   T30] kauditd_printk_skb: 52 callbacks suppressed
[ 2491.040370][   T30] audit: type=1326 audit(2000000568.269:7045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2491.069896][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2491.149346][T32419] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.8285: corrupted inode contents
[ 2491.231500][T32419] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.8285: mark_inode_dirty error
[ 2491.238579][   T30] audit: type=1326 audit(2000000568.349:7046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2491.272929][   T30] audit: type=1326 audit(2000000568.399:7047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2491.318978][   T30] audit: type=1326 audit(2000000568.399:7048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2491.445313][T32439] netlink: 57 bytes leftover after parsing attributes in process `syz.6.8286'.
[ 2491.958359][   T30] audit: type=1326 audit(2000000568.399:7049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2492.140198][   T30] audit: type=1326 audit(2000000568.399:7050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2492.212654][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2492.228278][T32446] loop7: detected capacity change from 0 to 256
[ 2492.296557][T32446] FAT-fs (loop7): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[ 2492.349568][   T30] audit: type=1326 audit(2000000568.409:7051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2492.533056][   T30] audit: type=1326 audit(2000000568.409:7052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2492.721334][   T30] audit: type=1326 audit(2000000568.419:7053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2492.897255][   T30] audit: type=1326 audit(2000000568.419:7054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32432 comm="syz.0.8287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879e38ebe9 code=0x7ffc0000
[ 2493.056495][T32455] netlink: 44 bytes leftover after parsing attributes in process `syz.9.8298'.
[ 2493.113060][T32456] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8297'.
[ 2493.436925][T32458] netlink: 'syz.0.8299': attribute type 4 has an invalid length.
[ 2493.510879][T24080] lo speed is unknown, defaulting to 1000
[ 2493.520553][T24080] syz0: Port: 1 Link DOWN
[ 2493.645951][T32466] usb usb5: usbfs: process 32466 (syz.6.8303) did not claim interface 0 before use
[ 2493.806001][T32472] loop7: detected capacity change from 0 to 128
[ 2493.908589][T32472] FAT-fs (loop7): Directory bread(block 32) failed
[ 2493.915337][T32472] FAT-fs (loop7): Directory bread(block 33) failed
[ 2493.992027][T32472] FAT-fs (loop7): Directory bread(block 34) failed
[ 2494.030813][T32472] FAT-fs (loop7): Directory bread(block 35) failed
[ 2494.073194][T32472] FAT-fs (loop7): Directory bread(block 36) failed
[ 2494.103138][T32485] netlink: 'syz.9.8307': attribute type 3 has an invalid length.
[ 2494.106525][T32472] FAT-fs (loop7): Directory bread(block 37) failed
[ 2494.155578][T32472] FAT-fs (loop7): Directory bread(block 38) failed
[ 2494.168746][T32486] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 2494.193502][T32472] FAT-fs (loop7): Directory bread(block 39) failed
[ 2494.202259][T32478] bridge0: entered promiscuous mode
[ 2494.231882][T32478] macvtap1: entered allmulticast mode
[ 2494.256217][T32472] FAT-fs (loop7): Directory bread(block 40) failed
[ 2494.276006][T32478] bridge0: entered allmulticast mode
[ 2494.286356][T32472] FAT-fs (loop7): Directory bread(block 41) failed
[ 2494.306073][T32478] bridge0: port 3(macvtap1) entered blocking state
[ 2494.348349][T32478] bridge0: port 3(macvtap1) entered disabled state
[ 2494.450760][T32478] bridge0: left allmulticast mode
[ 2494.456081][T32478] bridge0: left promiscuous mode
[ 2494.775138][T32472] syz.7.8302: attempt to access beyond end of device
[ 2494.775138][T32472] loop7: rw=0, sector=4112, nr_sectors = 4 limit=128
[ 2494.838862][T32472] Buffer I/O error on dev loop7, logical block 1028, async page read
[ 2494.874016][T32472] syz.7.8302: attempt to access beyond end of device
[ 2494.874016][T32472] loop7: rw=0, sector=167964, nr_sectors = 4 limit=128
[ 2494.938369][T32472] Buffer I/O error on dev loop7, logical block 41991, async page read
[ 2494.977013][T32472] FAT-fs (loop7): Filesystem has been set read-only
[ 2495.025674][T32469] syz.7.8302: attempt to access beyond end of device
[ 2495.025674][T32469] loop7: rw=0, sector=4112, nr_sectors = 4 limit=128
[ 2495.110661][T32469] Buffer I/O error on dev loop7, logical block 1028, async page read
[ 2495.137988][T32469] syz.7.8302: attempt to access beyond end of device
[ 2495.137988][T32469] loop7: rw=0, sector=167964, nr_sectors = 4 limit=128
[ 2495.162576][T32469] Buffer I/O error on dev loop7, logical block 41991, async page read
[ 2495.189682][T32472] syz.7.8302: attempt to access beyond end of device
[ 2495.189682][T32472] loop7: rw=0, sector=4112, nr_sectors = 4 limit=128
[ 2495.215713][T32472] Buffer I/O error on dev loop7, logical block 1028, async page read
[ 2495.236993][T32472] syz.7.8302: attempt to access beyond end of device
[ 2495.236993][T32472] loop7: rw=0, sector=167964, nr_sectors = 4 limit=128
[ 2495.312812][T32472] Buffer I/O error on dev loop7, logical block 41991, async page read
[ 2495.321963][T32469] syz.7.8302: attempt to access beyond end of device
[ 2495.321963][T32469] loop7: rw=0, sector=4112, nr_sectors = 4 limit=128
[ 2495.335580][T32469] Buffer I/O error on dev loop7, logical block 1028, async page read
[ 2495.344218][T32469] syz.7.8302: attempt to access beyond end of device
[ 2495.344218][T32469] loop7: rw=0, sector=167964, nr_sectors = 4 limit=128
[ 2495.360204][T32469] Buffer I/O error on dev loop7, logical block 41991, async page read
[ 2495.368951][T32472] syz.7.8302: attempt to access beyond end of device
[ 2495.368951][T32472] loop7: rw=0, sector=4112, nr_sectors = 4 limit=128
[ 2495.383939][T32472] syz.7.8302: attempt to access beyond end of device
[ 2495.383939][T32472] loop7: rw=0, sector=167964, nr_sectors = 4 limit=128
[ 2495.566461][T32517] loop0: detected capacity change from 0 to 1024
[ 2495.648125][T32517] EXT4-fs: Ignoring removed oldalloc option
[ 2495.702339][T32517] EXT4-fs: Ignoring removed bh option
[ 2495.811233][T32517] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2495.859815][T32472] buffer_io_error: 555 callbacks suppressed
[ 2495.859845][T32472] Buffer I/O error on dev loop7, logical block 41991, async page read
[ 2495.996908][T32525] netlink: 57 bytes leftover after parsing attributes in process `syz.8.8316'.
[ 2496.817168][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2497.115800][T32531] 9pnet_fd: Insufficient options for proto=fd
[ 2497.808046][T32541] loop9: detected capacity change from 0 to 128
[ 2497.849542][T32541] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 2497.949649][T32541] FAT-fs (loop9): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 2498.276372][T32549] netlink: 44 bytes leftover after parsing attributes in process `syz.7.8330'.
[ 2498.543055][T32553] loop0: detected capacity change from 0 to 8192
[ 2498.615248][   T30] kauditd_printk_skb: 40 callbacks suppressed
[ 2498.615278][   T30] audit: type=1326 audit(2000000575.839:7095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2498.661469][T32553] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[ 2498.680113][T32553] FAT-fs (loop0): Filesystem has been set read-only
[ 2498.732223][   T30] audit: type=1326 audit(2000000575.839:7096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2498.844763][   T30] audit: type=1326 audit(2000000575.879:7097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2498.897179][   T30] audit: type=1326 audit(2000000575.879:7098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2498.989863][   T30] audit: type=1326 audit(2000000575.889:7099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.003526][T32568] 9pnet_fd: Insufficient options for proto=fd
[ 2499.097199][   T30] audit: type=1326 audit(2000000575.889:7100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.171790][   T30] audit: type=1326 audit(2000000575.889:7101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.273874][   T30] audit: type=1326 audit(2000000575.889:7102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.406737][   T30] audit: type=1326 audit(2000000575.909:7103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.503393][   T30] audit: type=1326 audit(2000000575.909:7104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32559 comm="syz.9.8331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2499.696141][T32580] loop0: detected capacity change from 0 to 512
[ 2499.711334][T32580] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2499.719401][T32580] ext4: Unknown parameter 'obj_type'
[ 2499.962034][T32580] lo speed is unknown, defaulting to 1000
[ 2499.983573][T32580] lo speed is unknown, defaulting to 1000
[ 2500.909444][T32599] usb usb5: usbfs: process 32599 (syz.7.8346) did not claim interface 0 before use
[ 2501.185723][T32603] loop2: detected capacity change from 0 to 512
[ 2501.200796][T32602] netlink: 'syz.9.8348': attribute type 4 has an invalid length.
[ 2501.268218][T32603] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.8349: bg 0: block 131: padding at end of block bitmap is not set
[ 2501.287401][T32603] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2501.407656][T32603] EXT4-fs (loop2): 1 truncate cleaned up
[ 2501.419113][T32603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2502.006884][T14788] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 2502.166780][T14788] usb 7-1: device descriptor read/64, error -71
[ 2502.417081][T14788] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 2502.883976][T32630] loop7: detected capacity change from 0 to 512
[ 2502.906735][T32630] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2502.914381][T32630] ext4: Unknown parameter 'obj_type'
[ 2502.987819][T14788] usb 7-1: device descriptor read/64, error -71
[ 2503.101081][T14788] usb usb7-port1: attempt power cycle
[ 2503.456840][T14788] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[ 2503.506140][T14788] usb 7-1: device descriptor read/8, error -71
[ 2503.570352][T32627] veth0_to_team: entered promiscuous mode
[ 2503.580965][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2503.788376][T32630] lo speed is unknown, defaulting to 1000
[ 2503.796115][T32630] lo speed is unknown, defaulting to 1000
[ 2504.117204][T14788] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[ 2504.148335][T32642] usb usb5: usbfs: process 32642 (syz.0.8362) did not claim interface 0 before use
[ 2504.272365][T14788] usb 7-1: device descriptor read/8, error -71
[ 2504.567036][T14788] usb usb7-port1: unable to enumerate USB device
[ 2504.753098][T32652] loop7: detected capacity change from 0 to 512
[ 2504.811423][T32652] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.8366: bg 0: block 131: padding at end of block bitmap is not set
[ 2504.858778][T32658] netlink: 'syz.6.8368': attribute type 3 has an invalid length.
[ 2504.918437][T32652] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2504.964624][T32652] EXT4-fs (loop7): 1 truncate cleaned up
[ 2504.975024][T32660] loop9: detected capacity change from 0 to 512
[ 2504.978786][T32652] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2505.030422][T32662] capability: warning: `syz.8.8369' uses 32-bit capabilities (legacy support in use)
[ 2505.041429][T32660] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended
[ 2505.104613][T32660] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2505.193363][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2505.337465][T25058] EXT4-fs warning (device loop9): ext4_update_dynamic_rev:1125: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 2505.370604][T25058] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2505.608081][T32679] usb usb5: usbfs: process 32679 (syz.0.8377) did not claim interface 0 before use
[ 2505.726343][T32684] loop7: detected capacity change from 0 to 512
[ 2505.784171][T32684] EXT4-fs (loop7): orphan cleanup on readonly fs
[ 2505.819632][T32684] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.8378: bad orphan inode 13
[ 2505.906686][T32684] ext4_test_bit(bit=12, block=18) = 1
[ 2505.953022][T32684] is_bad_inode(inode)=0
[ 2505.977296][T32684] NEXT_ORPHAN(inode)=2130706432
[ 2505.982203][T32684] max_ino=32
[ 2506.025847][T32684] i_nlink=1
[ 2506.052972][T32684] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 2506.167101][T32684] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended
[ 2506.306566][T32696] loop6: detected capacity change from 0 to 512
[ 2506.322149][T32696] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2506.330180][T32696] ext4: Unknown parameter 'obj_type'
[ 2506.558936][T32696] lo speed is unknown, defaulting to 1000
[ 2506.579905][T32696] lo speed is unknown, defaulting to 1000
[ 2506.985967][T32697] EXT4-fs error (device loop7): ext4_lookup:1789: inode #2: comm syz.7.8378: deleted inode referenced: 12
[ 2507.240171][T32684] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm syz.7.8378: bg 0: block 248: padding at end of block bitmap is not set
[ 2507.308626][T32684] __quota_error: 1 callbacks suppressed
[ 2507.308655][T32684] Quota error (device loop7): write_blk: dquota write failed
[ 2507.380101][T32684] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[ 2507.417608][T32711] loop0: detected capacity change from 0 to 512
[ 2507.425788][T32684] EXT4-fs error (device loop7): ext4_acquire_dquot:6935: comm syz.7.8378: Failed to acquire dquot type 1
[ 2507.467571][T32684] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 2507.617879][T32711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.8386: bg 0: block 131: padding at end of block bitmap is not set
[ 2507.662075][T32714] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8387'.
[ 2507.700180][T32714] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8387'.
[ 2507.716750][T32711] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2507.746773][T32714] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8387'.
[ 2507.761400][T32711] EXT4-fs (loop0): 1 truncate cleaned up
[ 2507.807922][T32714] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8387'.
[ 2507.822269][T32711] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2508.465179][T32714] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8387'.
[ 2508.498825][T32720] lo speed is unknown, defaulting to 1000
[ 2508.507879][T32720] lo speed is unknown, defaulting to 1000
[ 2508.519040][T32720] lo speed is unknown, defaulting to 1000
[ 2508.786452][T32720] infiniband s
z1: set active
[ 2508.794851][T32720] infiniband s
z1: added lo
[ 2508.802524][T32720] s
z1: rxe_create_cq: returned err = -12
[ 2508.808472][T32720] infiniband s
z1: Couldn't create ib_mad CQ
[ 2508.815567][T32720] infiniband s
z1: Couldn't open port 1
[ 2508.855262][T32720] RDS/IB: s
z1: added
[ 2508.860751][T32720] smc: adding ib device s
z1 with port count 1
[ 2508.867110][T32720] smc:    ib device s
z1 port 1 has pnetid 
[ 2508.874152][ T5944] lo speed is unknown, defaulting to 1000
[ 2508.880639][T28577] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2508.882345][T32720] lo speed is unknown, defaulting to 1000
[ 2508.924116][T30804] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2509.260429][ T5944] lo speed is unknown, defaulting to 1000
[ 2509.283620][T32720] lo speed is unknown, defaulting to 1000
[ 2509.527728][T32734] 9pnet_fd: Insufficient options for proto=fd
[ 2509.539385][T32720] lo speed is unknown, defaulting to 1000
[ 2509.794078][T32720] lo speed is unknown, defaulting to 1000
[ 2510.048818][T32720] lo speed is unknown, defaulting to 1000
[ 2510.085747][   T30] audit: type=1326 audit(2000000587.299:7106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.314171][T32720] lo speed is unknown, defaulting to 1000
[ 2510.331920][   T30] audit: type=1326 audit(2000000587.299:7107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.589094][   T30] audit: type=1326 audit(2000000587.309:7108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.745085][   T30] audit: type=1326 audit(2000000587.309:7109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.770914][   T30] audit: type=1326 audit(2000000587.309:7110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.838966][   T30] audit: type=1326 audit(2000000587.309:7111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2510.897238][T32747] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8395'.
[ 2510.906332][   T30] audit: type=1326 audit(2000000587.309:7112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2511.249477][   T30] audit: type=1326 audit(2000000587.309:7113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32737 comm="syz.9.8393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2fa78ebe9 code=0x7ffc0000
[ 2511.804254][T32756] lo speed is unknown, defaulting to 1000
[ 2511.827458][T32756] lo speed is unknown, defaulting to 1000
[ 2511.873275][T32756] lo speed is unknown, defaulting to 1000
[ 2512.046142][T32742] netlink: 464 bytes leftover after parsing attributes in process `syz.7.8395'.
[ 2512.145340][T32754] loop6: detected capacity change from 0 to 512
[ 2512.237676][T32754] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm syz.6.8401: bg 0: block 131: padding at end of block bitmap is not set
[ 2512.326862][T32754] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem
[ 2512.392722][T32754] EXT4-fs (loop6): 1 truncate cleaned up
[ 2512.413777][T32764] usb usb5: usbfs: process 32764 (syz.0.8402) did not claim interface 0 before use
[ 2512.443327][T32754] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2512.814880][  T301] siw: device registration error -23
[ 2512.944603][T31397] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2512.970769][  T307] loop2: detected capacity change from 0 to 512
[ 2513.074594][  T307] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[ 2513.247932][  T307] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842e02c, mo2=0002]
[ 2513.307488][  T307] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 2513.386733][  T307] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.8406: bg 0: block 361: padding at end of block bitmap is not set
[ 2513.407296][  T312] loop9: detected capacity change from 0 to 1024
[ 2513.467267][  T307] EXT4-fs (loop2): Remounting filesystem read-only
[ 2513.528006][  T307] EXT4-fs (loop2): 1 truncate cleaned up
[ 2513.535793][  T307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[ 2513.803775][  T312] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2513.911154][  T322] rdma_rxe: rxe_newlink: failed to add lo
[ 2514.433078][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 2514.433106][   T30] audit: type=1800 audit(2000000591.659:7129): pid=312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.8410" name="file1" dev="loop9" ino=15 res=0 errno=0
[ 2514.679094][T23856] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[ 2514.928910][   T30] audit: type=1326 audit(2000000592.149:7130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2515.018098][   T30] audit: type=1326 audit(2000000592.179:7131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2515.093404][  T337] bridge0: entered promiscuous mode
[ 2515.129463][  T337] macvtap1: entered allmulticast mode
[ 2515.155427][  T337] bridge0: entered allmulticast mode
[ 2515.161581][   T30] audit: type=1326 audit(2000000592.179:7132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2515.210944][  T337] bridge0: port 1(macvtap1) entered blocking state
[ 2515.234354][   T30] audit: type=1326 audit(2000000592.179:7133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2515.274452][  T337] bridge0: port 1(macvtap1) entered disabled state
[ 2515.326405][   T30] audit: type=1326 audit(2000000592.179:7134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2515.383077][T25406] ==================================================================
[ 2515.391295][T25406] BUG: KASAN: use-after-free in ext4_find_extent+0xa36/0xa70
[ 2515.398715][T25406] Read of size 4 at addr ffff8880126e18cc by task kworker/u8:8/25406
[ 2515.406793][T25406] 
[ 2515.409127][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[ 2515.409171][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2515.409198][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2515.409259][T25406] Call Trace:
[ 2515.409271][T25406]  <TASK>
[ 2515.409284][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2515.409337][T25406]  print_report+0xcd/0x630
[ 2515.409369][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.409413][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.409456][T25406]  ? __phys_addr+0xe8/0x180
[ 2515.409507][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2515.409554][T25406]  kasan_report+0xe0/0x110
[ 2515.409588][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2515.409641][T25406]  ext4_find_extent+0xa36/0xa70
[ 2515.409693][T25406]  ext4_ext_map_blocks+0x290/0x5fe0
[ 2515.409748][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2515.409796][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.409838][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2515.409897][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2515.409944][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.409990][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410033][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2515.410088][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2515.410137][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410182][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410226][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2515.410278][T25406]  ? __pfx_down_write+0x10/0x10
[ 2515.410332][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2515.410395][T25406]  ext4_map_blocks+0x570/0x1400
[ 2515.410437][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2515.410475][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410517][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410566][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2515.410626][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410669][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2515.410719][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410761][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2515.410809][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2515.410857][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.410924][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2515.410974][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411024][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2515.411066][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411108][T25406]  ext4_writepages+0x37a/0x7d0
[ 2515.411153][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2515.411196][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411238][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2515.411302][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411344][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2515.411400][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2515.411446][T25406]  do_writepages+0x27a/0x600
[ 2515.411496][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2515.411539][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411581][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2515.411637][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2515.411687][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2515.411737][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2515.411784][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411826][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2515.411872][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.411918][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2515.411976][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2515.412057][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412099][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2515.412143][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412186][T25406]  ? queue_io+0x3f6/0x520
[ 2515.412227][T25406]  wb_writeback+0x419/0xb70
[ 2515.412278][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2515.412322][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412371][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412414][T25406]  ? mark_held_locks+0x49/0x80
[ 2515.412472][T25406]  wb_workfn+0x14d/0xbe0
[ 2515.412522][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2515.412564][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2515.412613][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412658][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412703][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.412746][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2515.412793][T25406]  process_one_work+0x9cf/0x1b70
[ 2515.412839][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2515.412942][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2515.412981][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413030][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413072][T25406]  ? assign_work+0x1a0/0x250
[ 2515.413108][T25406]  worker_thread+0x6c8/0xf10
[ 2515.413151][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413195][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413238][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2515.413289][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413333][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2515.413372][T25406]  kthread+0x3c5/0x780
[ 2515.413406][T25406]  ? __pfx_kthread+0x10/0x10
[ 2515.413441][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2515.413484][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2515.413528][T25406]  ? __pfx_kthread+0x10/0x10
[ 2515.413563][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2515.413596][T25406]  ? __pfx_kthread+0x10/0x10
[ 2515.413630][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2515.413686][T25406]  </TASK>
[ 2515.413698][T25406] 
[ 2515.939427][T25406] The buggy address belongs to the physical page:
[ 2515.945839][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x26f pfn:0x126e1
[ 2515.954792][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2515.962110][T25406] raw: 00fff00000000000 ffffea0002e16508 ffffea000049b808 0000000000000000
[ 2515.970720][T25406] raw: 000000000000026f 0000000000000000 00000000ffffffff 0000000000000000
[ 2515.979308][T25406] page dumped because: kasan: bad access detected
[ 2515.985712][T25406] page_owner tracks the page as freed
[ 2515.991066][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 317, tgid 315 (syz.8.8411), ts 2513579614652, free_ts 2514677893529
[ 2516.008910][T25406]  post_alloc_hook+0x1c0/0x230
[ 2516.013843][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2516.019456][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2516.025435][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2516.030655][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2516.036055][T25406]  shmem_alloc_folio+0x135/0x160
[ 2516.041027][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2516.046713][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2516.051947][T25406]  shmem_fault+0x1fe/0xa30
[ 2516.056443][T25406]  __do_fault+0x10d/0x490
[ 2516.060921][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2516.065809][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2516.070958][T25406]  handle_mm_fault+0x589/0xd10
[ 2516.075837][T25406]  __get_user_pages+0x551/0x34a0
[ 2516.080817][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2516.086442][T25406]  __mm_populate+0x1d8/0x380
[ 2516.091148][T25406] page last free pid 323 tgid 315 stack trace:
[ 2516.097402][T25406]  free_unref_folios+0xa61/0x16b0
[ 2516.102598][T25406]  folios_put_refs+0x56f/0x740
[ 2516.107427][T25406]  shmem_undo_range+0x58f/0x1150
[ 2516.112647][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2516.117653][T25406]  evict+0x3e6/0x920
[ 2516.121571][T25406]  iput+0x521/0x880
[ 2516.125681][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2516.130853][T25406]  __dentry_kill+0x1d0/0x600
[ 2516.135522][T25406]  dput.part.0+0x4b1/0x9b0
[ 2516.139990][T25406]  dput+0x1f/0x30
[ 2516.143648][T25406]  __fput+0x51c/0xb70
[ 2516.147651][T25406]  task_work_run+0x150/0x240
[ 2516.152283][T25406]  do_exit+0x86f/0x2bf0
[ 2516.156484][T25406]  do_group_exit+0xd3/0x2a0
[ 2516.161144][T25406]  get_signal+0x2673/0x26d0
[ 2516.165785][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2516.171397][T25406] 
[ 2516.173725][T25406] Memory state around the buggy address:
[ 2516.179451][T25406]  ffff8880126e1780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2516.187633][T25406]  ffff8880126e1800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2516.195697][T25406] >ffff8880126e1880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2516.203758][T25406]                                               ^
[ 2516.210187][T25406]  ffff8880126e1900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2516.218286][T25406]  ffff8880126e1980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2516.226345][T25406] ==================================================================
[ 2516.276495][   T30] audit: type=1326 audit(2000000592.179:7135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2516.322587][   T30] audit: type=1326 audit(2000000592.179:7136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2516.376679][   T30] audit: type=1326 audit(2000000592.179:7137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2516.399818][  T337] bridge0: left allmulticast mode
[ 2516.404935][  T337] bridge0: left promiscuous mode
[ 2516.405590][   T30] audit: type=1326 audit(2000000592.179:7138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=329 comm="syz.8.8414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9cb8ebe9 code=0x7ffc0000
[ 2516.448358][T25406] Disabling lock debugging due to kernel taint
[ 2516.455002][T25406] ==================================================================
[ 2516.463112][T25406] BUG: KASAN: use-after-free in ext4_find_extent+0xa36/0xa70
[ 2516.470648][T25406] Read of size 4 at addr ffff8880126e44ac by task kworker/u8:8/25406
[ 2516.479252][T25406] 
[ 2516.481581][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2516.481632][T25406] Tainted: [B]=BAD_PAGE
[ 2516.481646][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2516.481673][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2516.481734][T25406] Call Trace:
[ 2516.481746][T25406]  <TASK>
[ 2516.481761][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2516.481813][T25406]  print_report+0xcd/0x630
[ 2516.481844][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.481890][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.481932][T25406]  ? __phys_addr+0xe8/0x180
[ 2516.481982][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2516.482028][T25406]  kasan_report+0xe0/0x110
[ 2516.482061][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2516.482120][T25406]  ext4_find_extent+0xa36/0xa70
[ 2516.482171][T25406]  ext4_ext_map_blocks+0x290/0x5fe0
[ 2516.482226][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2516.482275][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482317][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2516.482368][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2516.482416][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482463][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482507][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2516.482561][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2516.482610][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482655][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482700][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2516.482752][T25406]  ? __pfx_down_write+0x10/0x10
[ 2516.482808][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2516.482871][T25406]  ext4_map_blocks+0x570/0x1400
[ 2516.482913][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2516.482951][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.482995][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483037][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2516.483102][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483145][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2516.483196][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483239][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2516.483287][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2516.483331][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483393][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2516.483442][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483493][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2516.483535][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483578][T25406]  ext4_writepages+0x37a/0x7d0
[ 2516.483623][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2516.483667][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483710][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2516.483777][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.483820][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2516.483876][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2516.483923][T25406]  do_writepages+0x27a/0x600
[ 2516.483974][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2516.484018][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484061][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2516.484122][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2516.484172][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2516.484222][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2516.484270][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484313][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2516.484351][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484397][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2516.484456][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2516.484535][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484577][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2516.484623][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484665][T25406]  ? queue_io+0x3f6/0x520
[ 2516.484706][T25406]  wb_writeback+0x419/0xb70
[ 2516.484757][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2516.484802][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484851][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.484893][T25406]  ? mark_held_locks+0x49/0x80
[ 2516.484951][T25406]  wb_workfn+0x14d/0xbe0
[ 2516.485001][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2516.485044][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2516.485099][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485144][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485189][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485231][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2516.485279][T25406]  process_one_work+0x9cf/0x1b70
[ 2516.485326][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2516.485385][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2516.485425][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485473][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485515][T25406]  ? assign_work+0x1a0/0x250
[ 2516.485551][T25406]  worker_thread+0x6c8/0xf10
[ 2516.485594][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485638][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485681][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2516.485734][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485778][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2516.485817][T25406]  kthread+0x3c5/0x780
[ 2516.485851][T25406]  ? __pfx_kthread+0x10/0x10
[ 2516.485886][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2516.485929][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2516.485974][T25406]  ? __pfx_kthread+0x10/0x10
[ 2516.486009][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2516.486041][T25406]  ? __pfx_kthread+0x10/0x10
[ 2516.486076][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2516.486136][T25406]  </TASK>
[ 2516.486148][T25406] 
[ 2517.016220][T25406] The buggy address belongs to the physical page:
[ 2517.022627][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2517.031562][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2517.038847][T25406] page_type: f0(buddy)
[ 2517.042921][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2517.051517][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2517.060211][T25406] page dumped because: kasan: bad access detected
[ 2517.066617][T25406] page_owner tracks the page as freed
[ 2517.071987][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2517.089760][T25406]  post_alloc_hook+0x1c0/0x230
[ 2517.094556][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2517.100130][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2517.106050][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2517.110931][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2517.116315][T25406]  shmem_alloc_folio+0x135/0x160
[ 2517.121537][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2517.127187][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2517.132407][T25406]  shmem_fault+0x1fe/0xa30
[ 2517.136872][T25406]  __do_fault+0x10d/0x490
[ 2517.141234][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2517.146031][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2517.151162][T25406]  handle_mm_fault+0x589/0xd10
[ 2517.155939][T25406]  __get_user_pages+0x551/0x34a0
[ 2517.160887][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2517.166358][T25406]  __mm_populate+0x1d8/0x380
[ 2517.170979][T25406] page last free pid 303 tgid 302 stack trace:
[ 2517.177139][T25406]  free_unref_folios+0xa61/0x16b0
[ 2517.182199][T25406]  folios_put_refs+0x56f/0x740
[ 2517.186993][T25406]  shmem_undo_range+0x58f/0x1150
[ 2517.191960][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2517.196938][T25406]  evict+0x3e6/0x920
[ 2517.200849][T25406]  iput+0x521/0x880
[ 2517.204672][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2517.209993][T25406]  __dentry_kill+0x1d0/0x600
[ 2517.214620][T25406]  dput.part.0+0x4b1/0x9b0
[ 2517.219090][T25406]  dput+0x1f/0x30
[ 2517.222745][T25406]  __fput+0x51c/0xb70
[ 2517.226753][T25406]  task_work_run+0x150/0x240
[ 2517.231421][T25406]  do_exit+0x86f/0x2bf0
[ 2517.235611][T25406]  do_group_exit+0xd3/0x2a0
[ 2517.240179][T25406]  get_signal+0x2673/0x26d0
[ 2517.244705][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2517.250277][T25406] 
[ 2517.252616][T25406] Memory state around the buggy address:
[ 2517.258248][T25406]  ffff8880126e4380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2517.266337][T25406]  ffff8880126e4400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2517.274413][T25406] >ffff8880126e4480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2517.282485][T25406]                                   ^
[ 2517.287882][T25406]  ffff8880126e4500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2517.295949][T25406]  ffff8880126e4580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2517.304015][T25406] ==================================================================
[ 2517.313789][T25406] ==================================================================
[ 2517.322013][T25406] BUG: KASAN: use-after-free in ext4_find_extent+0xa36/0xa70
[ 2517.330104][T25406] Read of size 4 at addr ffff8880126e4fa4 by task kworker/u8:8/25406
[ 2517.338198][T25406] 
[ 2517.340543][T25406] CPU: 0 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2517.340597][T25406] Tainted: [B]=BAD_PAGE
[ 2517.340611][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2517.340636][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2517.340697][T25406] Call Trace:
[ 2517.340732][T25406]  <TASK>
[ 2517.340748][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2517.340799][T25406]  print_report+0xcd/0x630
[ 2517.340831][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.340875][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.340918][T25406]  ? __phys_addr+0xe8/0x180
[ 2517.340968][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2517.341014][T25406]  kasan_report+0xe0/0x110
[ 2517.341048][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2517.341110][T25406]  ext4_find_extent+0xa36/0xa70
[ 2517.341162][T25406]  ext4_ext_map_blocks+0x290/0x5fe0
[ 2517.341218][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2517.341265][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341308][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2517.341357][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2517.341405][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341451][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341495][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2517.341549][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2517.341597][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341643][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341687][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2517.341739][T25406]  ? __pfx_down_write+0x10/0x10
[ 2517.341793][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2517.341855][T25406]  ext4_map_blocks+0x570/0x1400
[ 2517.341897][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2517.341936][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.341978][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342021][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2517.342085][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342128][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2517.342179][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342221][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2517.342268][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2517.342312][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342374][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2517.342424][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342473][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2517.342516][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342558][T25406]  ext4_writepages+0x37a/0x7d0
[ 2517.342603][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2517.342647][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342690][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2517.342755][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.342798][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2517.342854][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2517.342901][T25406]  do_writepages+0x27a/0x600
[ 2517.342954][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2517.342999][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343042][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2517.343104][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2517.343155][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2517.343205][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2517.343252][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343295][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2517.343335][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343381][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2517.343439][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2517.343517][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343560][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2517.343604][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343647][T25406]  ? queue_io+0x3f6/0x520
[ 2517.343689][T25406]  wb_writeback+0x419/0xb70
[ 2517.343741][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2517.343785][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343834][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.343877][T25406]  ? mark_held_locks+0x49/0x80
[ 2517.343937][T25406]  wb_workfn+0x14d/0xbe0
[ 2517.343986][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2517.344028][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2517.344085][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344130][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344175][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344218][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2517.344265][T25406]  process_one_work+0x9cf/0x1b70
[ 2517.344312][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2517.344371][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2517.344410][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344459][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344502][T25406]  ? assign_work+0x1a0/0x250
[ 2517.344538][T25406]  worker_thread+0x6c8/0xf10
[ 2517.344581][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344625][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344672][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2517.344723][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344768][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2517.344807][T25406]  kthread+0x3c5/0x780
[ 2517.344841][T25406]  ? __pfx_kthread+0x10/0x10
[ 2517.344879][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2517.344923][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2517.344967][T25406]  ? __pfx_kthread+0x10/0x10
[ 2517.345001][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2517.345035][T25406]  ? __pfx_kthread+0x10/0x10
[ 2517.345070][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2517.345132][T25406]  </TASK>
[ 2517.345144][T25406] 
[ 2517.873496][T25406] The buggy address belongs to the physical page:
[ 2517.879900][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2517.888841][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2517.895958][T25406] page_type: f0(buddy)
[ 2517.900039][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2517.908637][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2517.917219][T25406] page dumped because: kasan: bad access detected
[ 2517.923635][T25406] page_owner tracks the page as freed
[ 2517.929045][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2517.946818][T25406]  post_alloc_hook+0x1c0/0x230
[ 2517.951612][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2517.957191][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2517.963130][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2517.967987][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2517.973370][T25406]  shmem_alloc_folio+0x135/0x160
[ 2517.978321][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2517.983971][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2517.989190][T25406]  shmem_fault+0x1fe/0xa30
[ 2517.993628][T25406]  __do_fault+0x10d/0x490
[ 2517.998006][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2518.002801][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2518.007957][T25406]  handle_mm_fault+0x589/0xd10
[ 2518.012747][T25406]  __get_user_pages+0x551/0x34a0
[ 2518.017705][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2518.023284][T25406]  __mm_populate+0x1d8/0x380
[ 2518.027887][T25406] page last free pid 303 tgid 302 stack trace:
[ 2518.034035][T25406]  free_unref_folios+0xa61/0x16b0
[ 2518.039082][T25406]  folios_put_refs+0x56f/0x740
[ 2518.043874][T25406]  shmem_undo_range+0x58f/0x1150
[ 2518.048836][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2518.053795][T25406]  evict+0x3e6/0x920
[ 2518.057699][T25406]  iput+0x521/0x880
[ 2518.061517][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2518.066731][T25406]  __dentry_kill+0x1d0/0x600
[ 2518.071331][T25406]  dput.part.0+0x4b1/0x9b0
[ 2518.075755][T25406]  dput+0x1f/0x30
[ 2518.079397][T25406]  __fput+0x51c/0xb70
[ 2518.083389][T25406]  task_work_run+0x150/0x240
[ 2518.087989][T25406]  do_exit+0x86f/0x2bf0
[ 2518.092170][T25406]  do_group_exit+0xd3/0x2a0
[ 2518.096715][T25406]  get_signal+0x2673/0x26d0
[ 2518.101704][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2518.107277][T25406] 
[ 2518.109612][T25406] Memory state around the buggy address:
[ 2518.115263][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2518.123333][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2518.131483][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2518.139641][T25406]                                ^
[ 2518.144891][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2518.154782][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2518.162947][T25406] ==================================================================
[ 2518.196528][T25406] ==================================================================
[ 2518.204756][T25406] BUG: KASAN: use-after-free in ext4_find_extent+0xa36/0xa70
[ 2518.212291][T25406] Read of size 4 at addr ffff8880126e4ff8 by task kworker/u8:8/25406
[ 2518.220543][T25406] 
[ 2518.222875][T25406] CPU: 0 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2518.222930][T25406] Tainted: [B]=BAD_PAGE
[ 2518.222943][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2518.222970][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2518.223034][T25406] Call Trace:
[ 2518.223046][T25406]  <TASK>
[ 2518.223059][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2518.223111][T25406]  print_report+0xcd/0x630
[ 2518.223150][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223195][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223238][T25406]  ? __phys_addr+0xe8/0x180
[ 2518.223289][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2518.223337][T25406]  kasan_report+0xe0/0x110
[ 2518.223371][T25406]  ? ext4_find_extent+0xa36/0xa70
[ 2518.223423][T25406]  ext4_find_extent+0xa36/0xa70
[ 2518.223475][T25406]  ext4_ext_map_blocks+0x290/0x5fe0
[ 2518.223532][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2518.223581][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223624][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2518.223674][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2518.223722][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223769][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223814][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2518.223868][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2518.223918][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.223963][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224008][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2518.224061][T25406]  ? __pfx_down_write+0x10/0x10
[ 2518.224116][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2518.224184][T25406]  ext4_map_blocks+0x570/0x1400
[ 2518.224225][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2518.224265][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224308][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224351][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2518.224410][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224454][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2518.224505][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224548][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2518.224596][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2518.224640][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224702][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2518.224752][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224803][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2518.224845][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.224888][T25406]  ext4_writepages+0x37a/0x7d0
[ 2518.224933][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2518.224977][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225020][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2518.225084][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225134][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2518.225190][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2518.225237][T25406]  do_writepages+0x27a/0x600
[ 2518.225287][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2518.225332][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225375][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2518.225431][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2518.225482][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2518.225533][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2518.225581][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225624][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2518.225663][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225710][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2518.225768][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2518.225847][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225891][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2518.225937][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.225980][T25406]  ? queue_io+0x3f6/0x520
[ 2518.226022][T25406]  wb_writeback+0x419/0xb70
[ 2518.226074][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2518.226120][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226175][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226219][T25406]  ? mark_held_locks+0x49/0x80
[ 2518.226278][T25406]  wb_workfn+0x14d/0xbe0
[ 2518.226328][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2518.226372][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2518.226422][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226468][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226515][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226559][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2518.226607][T25406]  process_one_work+0x9cf/0x1b70
[ 2518.226657][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2518.226718][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2518.226758][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226807][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226850][T25406]  ? assign_work+0x1a0/0x250
[ 2518.226886][T25406]  worker_thread+0x6c8/0xf10
[ 2518.226929][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.226974][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.227017][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2518.227070][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.227115][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2518.227161][T25406]  kthread+0x3c5/0x780
[ 2518.227196][T25406]  ? __pfx_kthread+0x10/0x10
[ 2518.227232][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2518.227275][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2518.227320][T25406]  ? __pfx_kthread+0x10/0x10
[ 2518.227355][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2518.227389][T25406]  ? __pfx_kthread+0x10/0x10
[ 2518.227424][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2518.227480][T25406]  </TASK>
[ 2518.227493][T25406] 
[ 2518.756456][T25406] The buggy address belongs to the physical page:
[ 2518.762866][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2518.771829][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2518.779669][T25406] page_type: f0(buddy)
[ 2518.783753][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2518.792484][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2518.801160][T25406] page dumped because: kasan: bad access detected
[ 2518.807641][T25406] page_owner tracks the page as freed
[ 2518.813004][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2518.830771][T25406]  post_alloc_hook+0x1c0/0x230
[ 2518.835592][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2518.841171][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2518.847109][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2518.851966][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2518.857438][T25406]  shmem_alloc_folio+0x135/0x160
[ 2518.862388][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2518.868058][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2518.873297][T25406]  shmem_fault+0x1fe/0xa30
[ 2518.877751][T25406]  __do_fault+0x10d/0x490
[ 2518.882134][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2518.886920][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2518.892052][T25406]  handle_mm_fault+0x589/0xd10
[ 2518.896920][T25406]  __get_user_pages+0x551/0x34a0
[ 2518.901870][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2518.907342][T25406]  __mm_populate+0x1d8/0x380
[ 2518.911938][T25406] page last free pid 303 tgid 302 stack trace:
[ 2518.918093][T25406]  free_unref_folios+0xa61/0x16b0
[ 2518.923163][T25406]  folios_put_refs+0x56f/0x740
[ 2518.927987][T25406]  shmem_undo_range+0x58f/0x1150
[ 2518.932956][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2518.937946][T25406]  evict+0x3e6/0x920
[ 2518.941861][T25406]  iput+0x521/0x880
[ 2518.945685][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2518.950913][T25406]  __dentry_kill+0x1d0/0x600
[ 2518.955624][T25406]  dput.part.0+0x4b1/0x9b0
[ 2518.960158][T25406]  dput+0x1f/0x30
[ 2518.963844][T25406]  __fput+0x51c/0xb70
[ 2518.967845][T25406]  task_work_run+0x150/0x240
[ 2518.972450][T25406]  do_exit+0x86f/0x2bf0
[ 2518.976717][T25406]  do_group_exit+0xd3/0x2a0
[ 2518.981258][T25406]  get_signal+0x2673/0x26d0
[ 2518.985782][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2518.991349][T25406] 
[ 2518.993665][T25406] Memory state around the buggy address:
[ 2518.999294][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.007373][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.015530][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.023597][T25406]                                                                 ^
[ 2519.031597][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2519.039684][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2519.048450][T25406] ==================================================================
[ 2519.060767][T25406] ==================================================================
[ 2519.068890][T25406] BUG: KASAN: use-after-free in ext4_find_extent+0xa57/0xa70
[ 2519.076311][T25406] Read of size 2 at addr ffff8880126e4ffe by task kworker/u8:8/25406
[ 2519.084390][T25406] 
[ 2519.086745][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2519.086800][T25406] Tainted: [B]=BAD_PAGE
[ 2519.086813][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2519.086849][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2519.086909][T25406] Call Trace:
[ 2519.086921][T25406]  <TASK>
[ 2519.086935][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2519.086986][T25406]  print_report+0xcd/0x630
[ 2519.087017][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087061][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087103][T25406]  ? __phys_addr+0xe8/0x180
[ 2519.087153][T25406]  ? ext4_find_extent+0xa57/0xa70
[ 2519.087199][T25406]  kasan_report+0xe0/0x110
[ 2519.087232][T25406]  ? ext4_find_extent+0xa57/0xa70
[ 2519.087284][T25406]  ext4_find_extent+0xa57/0xa70
[ 2519.087335][T25406]  ext4_ext_map_blocks+0x290/0x5fe0
[ 2519.087391][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2519.087438][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087481][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2519.087529][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2519.087578][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087623][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087667][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2519.087722][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2519.087770][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087815][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.087865][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2519.087917][T25406]  ? __pfx_down_write+0x10/0x10
[ 2519.087971][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2519.088033][T25406]  ext4_map_blocks+0x570/0x1400
[ 2519.088076][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2519.088114][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088156][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088198][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2519.088257][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088299][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2519.088349][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088391][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2519.088439][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2519.088483][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088543][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2519.088593][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088643][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2519.088686][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088728][T25406]  ext4_writepages+0x37a/0x7d0
[ 2519.088772][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2519.088816][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088864][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2519.088931][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.088973][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2519.089029][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2519.089075][T25406]  do_writepages+0x27a/0x600
[ 2519.089124][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2519.089169][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089211][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2519.089267][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2519.089318][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2519.089368][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2519.089415][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089458][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2519.089497][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089543][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2519.089600][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2519.089679][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089721][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.089765][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089808][T25406]  ? queue_io+0x3f6/0x520
[ 2519.089854][T25406]  wb_writeback+0x419/0xb70
[ 2519.089905][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2519.089950][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.089999][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090041][T25406]  ? mark_held_locks+0x49/0x80
[ 2519.090099][T25406]  wb_workfn+0x14d/0xbe0
[ 2519.090148][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2519.090190][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2519.090240][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090284][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090329][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090372][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.090419][T25406]  process_one_work+0x9cf/0x1b70
[ 2519.090465][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2519.090524][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2519.090563][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090611][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090653][T25406]  ? assign_work+0x1a0/0x250
[ 2519.090689][T25406]  worker_thread+0x6c8/0xf10
[ 2519.090731][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090775][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090817][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2519.090910][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.090955][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2519.090994][T25406]  kthread+0x3c5/0x780
[ 2519.091028][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.091063][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.091104][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.091147][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.091182][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2519.091216][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.091250][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2519.091305][T25406]  </TASK>
[ 2519.091317][T25406] 
[ 2519.619661][T25406] The buggy address belongs to the physical page:
[ 2519.626241][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2519.635179][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2519.642289][T25406] page_type: f0(buddy)
[ 2519.646365][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2519.654958][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2519.663538][T25406] page dumped because: kasan: bad access detected
[ 2519.670049][T25406] page_owner tracks the page as freed
[ 2519.675425][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2519.693172][T25406]  post_alloc_hook+0x1c0/0x230
[ 2519.698066][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2519.703647][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2519.709573][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2519.714434][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2519.719826][T25406]  shmem_alloc_folio+0x135/0x160
[ 2519.724787][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2519.730451][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2519.735674][T25406]  shmem_fault+0x1fe/0xa30
[ 2519.740114][T25406]  __do_fault+0x10d/0x490
[ 2519.744651][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2519.749437][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2519.754597][T25406]  handle_mm_fault+0x589/0xd10
[ 2519.759389][T25406]  __get_user_pages+0x551/0x34a0
[ 2519.764347][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2519.769845][T25406]  __mm_populate+0x1d8/0x380
[ 2519.774453][T25406] page last free pid 303 tgid 302 stack trace:
[ 2519.780601][T25406]  free_unref_folios+0xa61/0x16b0
[ 2519.785655][T25406]  folios_put_refs+0x56f/0x740
[ 2519.790455][T25406]  shmem_undo_range+0x58f/0x1150
[ 2519.795423][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2519.800385][T25406]  evict+0x3e6/0x920
[ 2519.804293][T25406]  iput+0x521/0x880
[ 2519.808111][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2519.813231][T25406]  __dentry_kill+0x1d0/0x600
[ 2519.817850][T25406]  dput.part.0+0x4b1/0x9b0
[ 2519.822283][T25406]  dput+0x1f/0x30
[ 2519.825965][T25406]  __fput+0x51c/0xb70
[ 2519.829958][T25406]  task_work_run+0x150/0x240
[ 2519.834555][T25406]  do_exit+0x86f/0x2bf0
[ 2519.838749][T25406]  do_group_exit+0xd3/0x2a0
[ 2519.843291][T25406]  get_signal+0x2673/0x26d0
[ 2519.847810][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2519.853380][T25406] 
[ 2519.855694][T25406] Memory state around the buggy address:
[ 2519.861317][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.869380][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.877444][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2519.885675][T25406]                                                                 ^
[ 2519.893670][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2519.901750][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2519.909814][T25406] ==================================================================
[ 2519.926781][T25406] ==================================================================
[ 2519.934911][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x296e/0x5fe0
[ 2519.942780][T25406] Read of size 4 at addr ffff8880126e4ff8 by task kworker/u8:8/25406
[ 2519.950901][T25406] 
[ 2519.953760][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2519.953816][T25406] Tainted: [B]=BAD_PAGE
[ 2519.953831][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2519.953860][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2519.953924][T25406] Call Trace:
[ 2519.953937][T25406]  <TASK>
[ 2519.953952][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2519.954005][T25406]  print_report+0xcd/0x630
[ 2519.954037][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954083][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954133][T25406]  ? __phys_addr+0xe8/0x180
[ 2519.954185][T25406]  ? ext4_ext_map_blocks+0x296e/0x5fe0
[ 2519.954237][T25406]  kasan_report+0xe0/0x110
[ 2519.954271][T25406]  ? ext4_ext_map_blocks+0x296e/0x5fe0
[ 2519.954327][T25406]  ext4_ext_map_blocks+0x296e/0x5fe0
[ 2519.954383][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2519.954432][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954475][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2519.954526][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2519.954579][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954629][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954677][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2519.954739][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2519.954791][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954840][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.954886][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2519.954946][T25406]  ? __pfx_down_write+0x10/0x10
[ 2519.955006][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2519.955069][T25406]  ext4_map_blocks+0x570/0x1400
[ 2519.955118][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2519.955157][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955201][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955244][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2519.955304][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955348][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2519.955399][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955442][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2519.955491][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2519.955537][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955599][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2519.955649][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955700][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2519.955743][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955786][T25406]  ext4_writepages+0x37a/0x7d0
[ 2519.955831][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2519.955875][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.955919][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2519.955984][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.956027][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2519.956083][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2519.956138][T25406]  do_writepages+0x27a/0x600
[ 2519.956188][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2519.956233][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.956276][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2519.956333][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2519.956384][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2519.956435][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2519.956483][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.956526][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2519.956566][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.956612][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2519.956674][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2519.956754][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.956797][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.956843][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957026][T25406]  ? queue_io+0x3f6/0x520
[ 2519.957071][T25406]  wb_writeback+0x419/0xb70
[ 2519.957132][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2519.957192][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957243][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957286][T25406]  ? mark_held_locks+0x49/0x80
[ 2519.957351][T25406]  wb_workfn+0x14d/0xbe0
[ 2519.957402][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2519.957446][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2519.957496][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957542][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957588][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957632][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.957682][T25406]  process_one_work+0x9cf/0x1b70
[ 2519.957729][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2519.957791][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2519.957831][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957882][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.957926][T25406]  ? assign_work+0x1a0/0x250
[ 2519.957963][T25406]  worker_thread+0x6c8/0xf10
[ 2519.958007][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.958052][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.958102][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2519.958161][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.958206][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2519.958246][T25406]  kthread+0x3c5/0x780
[ 2519.958281][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.958316][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2519.958360][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2519.958405][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.958441][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2519.958475][T25406]  ? __pfx_kthread+0x10/0x10
[ 2519.958510][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2519.958567][T25406]  </TASK>
[ 2519.958580][T25406] 
[ 2520.483726][T25406] The buggy address belongs to the physical page:
[ 2520.490132][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2520.499070][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2520.506180][T25406] page_type: f0(buddy)
[ 2520.510259][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2520.518944][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2520.527556][T25406] page dumped because: kasan: bad access detected
[ 2520.533965][T25406] page_owner tracks the page as freed
[ 2520.539327][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2520.557157][T25406]  post_alloc_hook+0x1c0/0x230
[ 2520.561976][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2520.567552][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2520.573472][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2520.578331][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2520.583724][T25406]  shmem_alloc_folio+0x135/0x160
[ 2520.588679][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2520.594335][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2520.599556][T25406]  shmem_fault+0x1fe/0xa30
[ 2520.603996][T25406]  __do_fault+0x10d/0x490
[ 2520.608355][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2520.613142][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2520.618302][T25406]  handle_mm_fault+0x589/0xd10
[ 2520.623111][T25406]  __get_user_pages+0x551/0x34a0
[ 2520.628065][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2520.633562][T25406]  __mm_populate+0x1d8/0x380
[ 2520.638188][T25406] page last free pid 303 tgid 302 stack trace:
[ 2520.644339][T25406]  free_unref_folios+0xa61/0x16b0
[ 2520.649393][T25406]  folios_put_refs+0x56f/0x740
[ 2520.654188][T25406]  shmem_undo_range+0x58f/0x1150
[ 2520.659181][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2520.664151][T25406]  evict+0x3e6/0x920
[ 2520.668080][T25406]  iput+0x521/0x880
[ 2520.671910][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2520.677120][T25406]  __dentry_kill+0x1d0/0x600
[ 2520.681840][T25406]  dput.part.0+0x4b1/0x9b0
[ 2520.686271][T25406]  dput+0x1f/0x30
[ 2520.689946][T25406]  __fput+0x51c/0xb70
[ 2520.693941][T25406]  task_work_run+0x150/0x240
[ 2520.698546][T25406]  do_exit+0x86f/0x2bf0
[ 2520.702733][T25406]  do_group_exit+0xd3/0x2a0
[ 2520.707265][T25406]  get_signal+0x2673/0x26d0
[ 2520.711818][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2520.717399][T25406] 
[ 2520.719714][T25406] Memory state around the buggy address:
[ 2520.725343][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2520.733481][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2520.741555][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2520.749642][T25406]                                                                 ^
[ 2520.757627][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2520.765785][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2520.773935][T25406] ==================================================================
[ 2520.811222][T25406] ==================================================================
[ 2520.819426][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x2957/0x5fe0
[ 2520.827283][T25406] Read of size 2 at addr ffff8880126e4ffe by task kworker/u8:8/25406
[ 2520.835395][T25406] 
[ 2520.837731][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2520.837792][T25406] Tainted: [B]=BAD_PAGE
[ 2520.837809][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2520.837845][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2520.837923][T25406] Call Trace:
[ 2520.837938][T25406]  <TASK>
[ 2520.837956][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2520.838020][T25406]  print_report+0xcd/0x630
[ 2520.838054][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838102][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838147][T25406]  ? __phys_addr+0xe8/0x180
[ 2520.838200][T25406]  ? ext4_ext_map_blocks+0x2957/0x5fe0
[ 2520.838257][T25406]  kasan_report+0xe0/0x110
[ 2520.838292][T25406]  ? ext4_ext_map_blocks+0x2957/0x5fe0
[ 2520.838348][T25406]  ext4_ext_map_blocks+0x2957/0x5fe0
[ 2520.838406][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2520.838458][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838503][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2520.838553][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2520.838601][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838638][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838673][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2520.838718][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2520.838757][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838793][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.838829][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2520.838884][T25406]  ? __pfx_down_write+0x10/0x10
[ 2520.838947][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2520.838999][T25406]  ext4_map_blocks+0x570/0x1400
[ 2520.839033][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2520.839064][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839100][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839134][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2520.839183][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839217][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2520.839257][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839292][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2520.839330][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2520.839366][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839416][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2520.839455][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839496][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2520.839529][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839564][T25406]  ext4_writepages+0x37a/0x7d0
[ 2520.839600][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2520.839635][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839669][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2520.839720][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839754][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2520.839798][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2520.839841][T25406]  do_writepages+0x27a/0x600
[ 2520.839881][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2520.839916][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.839950][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2520.840003][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2520.840056][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2520.840097][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2520.840140][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840175][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2520.840207][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840244][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2520.840291][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2520.840355][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840389][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2520.840427][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840461][T25406]  ? queue_io+0x3f6/0x520
[ 2520.840495][T25406]  wb_writeback+0x419/0xb70
[ 2520.840536][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2520.840572][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840612][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840646][T25406]  ? mark_held_locks+0x49/0x80
[ 2520.840696][T25406]  wb_workfn+0x14d/0xbe0
[ 2520.840751][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2520.840786][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2520.840826][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840867][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840904][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.840938][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2520.840980][T25406]  process_one_work+0x9cf/0x1b70
[ 2520.841019][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2520.841067][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2520.841109][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841161][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841195][T25406]  ? assign_work+0x1a0/0x250
[ 2520.841225][T25406]  worker_thread+0x6c8/0xf10
[ 2520.841260][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841295][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841330][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2520.841371][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841407][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2520.841439][T25406]  kthread+0x3c5/0x780
[ 2520.841467][T25406]  ? __pfx_kthread+0x10/0x10
[ 2520.841495][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2520.841530][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2520.841566][T25406]  ? __pfx_kthread+0x10/0x10
[ 2520.841594][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2520.841621][T25406]  ? __pfx_kthread+0x10/0x10
[ 2520.841649][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2520.841694][T25406]  </TASK>
[ 2520.841704][T25406] 
[ 2521.366174][T25406] The buggy address belongs to the physical page:
[ 2521.372597][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2521.381530][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2521.388641][T25406] page_type: f0(buddy)
[ 2521.392718][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2521.401313][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2521.409890][T25406] page dumped because: kasan: bad access detected
[ 2521.416307][T25406] page_owner tracks the page as freed
[ 2521.421659][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2521.439398][T25406]  post_alloc_hook+0x1c0/0x230
[ 2521.444250][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2521.449825][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2521.455775][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2521.460632][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2521.466046][T25406]  shmem_alloc_folio+0x135/0x160
[ 2521.470999][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2521.476656][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2521.481899][T25406]  shmem_fault+0x1fe/0xa30
[ 2521.486333][T25406]  __do_fault+0x10d/0x490
[ 2521.490684][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2521.495476][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2521.500596][T25406]  handle_mm_fault+0x589/0xd10
[ 2521.505369][T25406]  __get_user_pages+0x551/0x34a0
[ 2521.510308][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2521.515790][T25406]  __mm_populate+0x1d8/0x380
[ 2521.520384][T25406] page last free pid 303 tgid 302 stack trace:
[ 2521.526529][T25406]  free_unref_folios+0xa61/0x16b0
[ 2521.531569][T25406]  folios_put_refs+0x56f/0x740
[ 2521.536352][T25406]  shmem_undo_range+0x58f/0x1150
[ 2521.541332][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2521.546310][T25406]  evict+0x3e6/0x920
[ 2521.550224][T25406]  iput+0x521/0x880
[ 2521.554064][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2521.559195][T25406]  __dentry_kill+0x1d0/0x600
[ 2521.563813][T25406]  dput.part.0+0x4b1/0x9b0
[ 2521.568247][T25406]  dput+0x1f/0x30
[ 2521.571919][T25406]  __fput+0x51c/0xb70
[ 2521.575913][T25406]  task_work_run+0x150/0x240
[ 2521.580509][T25406]  do_exit+0x86f/0x2bf0
[ 2521.584682][T25406]  do_group_exit+0xd3/0x2a0
[ 2521.589297][T25406]  get_signal+0x2673/0x26d0
[ 2521.593833][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2521.599402][T25406] 
[ 2521.601716][T25406] Memory state around the buggy address:
[ 2521.607346][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2521.615435][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2521.623505][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2521.631566][T25406]                                                                 ^
[ 2521.639539][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2521.647730][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2521.656080][T25406] ==================================================================
[ 2521.670611][T25406] ==================================================================
[ 2521.678748][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x297b/0x5fe0
[ 2521.686695][T25406] Read of size 2 at addr ffff8880126e4ffc by task kworker/u8:8/25406
[ 2521.694789][T25406] 
[ 2521.697134][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2521.697193][T25406] Tainted: [B]=BAD_PAGE
[ 2521.697209][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2521.697238][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2521.697293][T25406] Call Trace:
[ 2521.697304][T25406]  <TASK>
[ 2521.697316][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2521.697362][T25406]  print_report+0xcd/0x630
[ 2521.697388][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.697425][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.697461][T25406]  ? __phys_addr+0xe8/0x180
[ 2521.697504][T25406]  ? ext4_ext_map_blocks+0x297b/0x5fe0
[ 2521.697547][T25406]  kasan_report+0xe0/0x110
[ 2521.697575][T25406]  ? ext4_ext_map_blocks+0x297b/0x5fe0
[ 2521.697622][T25406]  ext4_ext_map_blocks+0x297b/0x5fe0
[ 2521.697667][T25406]  ? ret_from_fork_asm+0x1a/0x30
[ 2521.697707][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.697742][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2521.697784][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2521.697824][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.697862][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.697908][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2521.697954][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2521.697996][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698033][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698070][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2521.698113][T25406]  ? __pfx_down_write+0x10/0x10
[ 2521.698160][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2521.698213][T25406]  ext4_map_blocks+0x570/0x1400
[ 2521.698247][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2521.698288][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698337][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698372][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2521.698421][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698457][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2521.698499][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698534][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2521.698574][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2521.698611][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698662][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2521.698703][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698744][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2521.698780][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698815][T25406]  ext4_writepages+0x37a/0x7d0
[ 2521.698853][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2521.698889][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.698930][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2521.698986][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699021][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2521.699068][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2521.699107][T25406]  do_writepages+0x27a/0x600
[ 2521.699149][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2521.699186][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699222][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2521.699268][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2521.699311][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2521.699352][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2521.699405][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699448][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2521.699481][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699519][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2521.699566][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2521.699630][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699669][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2521.699718][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699754][T25406]  ? queue_io+0x3f6/0x520
[ 2521.699788][T25406]  wb_writeback+0x419/0xb70
[ 2521.699830][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2521.699868][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699916][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.699951][T25406]  ? mark_held_locks+0x49/0x80
[ 2521.700000][T25406]  wb_workfn+0x14d/0xbe0
[ 2521.700042][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2521.700078][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2521.700119][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700157][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700195][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700230][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2521.700270][T25406]  process_one_work+0x9cf/0x1b70
[ 2521.700309][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2521.700358][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2521.700390][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700430][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700468][T25406]  ? assign_work+0x1a0/0x250
[ 2521.700509][T25406]  worker_thread+0x6c8/0xf10
[ 2521.700559][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700596][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700631][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2521.700673][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700730][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2521.700763][T25406]  kthread+0x3c5/0x780
[ 2521.700791][T25406]  ? __pfx_kthread+0x10/0x10
[ 2521.700820][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2521.700856][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2521.700893][T25406]  ? __pfx_kthread+0x10/0x10
[ 2521.700927][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2521.700955][T25406]  ? __pfx_kthread+0x10/0x10
[ 2521.700984][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2521.701030][T25406]  </TASK>
[ 2521.701040][T25406] 
[ 2522.225489][T25406] The buggy address belongs to the physical page:
[ 2522.231933][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2522.241163][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2522.248313][T25406] page_type: f0(buddy)
[ 2522.252391][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2522.260988][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2522.269597][T25406] page dumped because: kasan: bad access detected
[ 2522.276119][T25406] page_owner tracks the page as freed
[ 2522.281498][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2522.299238][T25406]  post_alloc_hook+0x1c0/0x230
[ 2522.304039][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2522.309618][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2522.315557][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2522.320436][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2522.325823][T25406]  shmem_alloc_folio+0x135/0x160
[ 2522.330780][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2522.336696][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2522.341925][T25406]  shmem_fault+0x1fe/0xa30
[ 2522.346366][T25406]  __do_fault+0x10d/0x490
[ 2522.350723][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2522.355512][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2522.360738][T25406]  handle_mm_fault+0x589/0xd10
[ 2522.365523][T25406]  __get_user_pages+0x551/0x34a0
[ 2522.370473][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2522.375948][T25406]  __mm_populate+0x1d8/0x380
[ 2522.380550][T25406] page last free pid 303 tgid 302 stack trace:
[ 2522.386696][T25406]  free_unref_folios+0xa61/0x16b0
[ 2522.391744][T25406]  folios_put_refs+0x56f/0x740
[ 2522.396539][T25406]  shmem_undo_range+0x58f/0x1150
[ 2522.401512][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2522.406478][T25406]  evict+0x3e6/0x920
[ 2522.410382][T25406]  iput+0x521/0x880
[ 2522.414202][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2522.419327][T25406]  __dentry_kill+0x1d0/0x600
[ 2522.423965][T25406]  dput.part.0+0x4b1/0x9b0
[ 2522.428423][T25406]  dput+0x1f/0x30
[ 2522.432091][T25406]  __fput+0x51c/0xb70
[ 2522.436092][T25406]  task_work_run+0x150/0x240
[ 2522.440746][T25406]  do_exit+0x86f/0x2bf0
[ 2522.445053][T25406]  do_group_exit+0xd3/0x2a0
[ 2522.449605][T25406]  get_signal+0x2673/0x26d0
[ 2522.454135][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2522.459717][T25406] 
[ 2522.462036][T25406] Memory state around the buggy address:
[ 2522.467660][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2522.475815][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2522.483890][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2522.491951][T25406]                                                                 ^
[ 2522.499930][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2522.507998][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2522.516058][T25406] ==================================================================
[ 2522.529176][T25406] ==================================================================
[ 2522.537259][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x2985/0x5fe0
[ 2522.545101][T25406] Read of size 2 at addr ffff8880126e4ffc by task kworker/u8:8/25406
[ 2522.553184][T25406] 
[ 2522.555540][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2522.555595][T25406] Tainted: [B]=BAD_PAGE
[ 2522.555610][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2522.555638][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2522.555702][T25406] Call Trace:
[ 2522.555715][T25406]  <TASK>
[ 2522.555731][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2522.555785][T25406]  print_report+0xcd/0x630
[ 2522.555819][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.555872][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.555918][T25406]  ? __phys_addr+0xe8/0x180
[ 2522.555972][T25406]  ? ext4_ext_map_blocks+0x2985/0x5fe0
[ 2522.556027][T25406]  kasan_report+0xe0/0x110
[ 2522.556062][T25406]  ? ext4_ext_map_blocks+0x2985/0x5fe0
[ 2522.556121][T25406]  ext4_ext_map_blocks+0x2985/0x5fe0
[ 2522.556184][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556229][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2522.556283][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2522.556333][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556381][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556428][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2522.556485][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2522.556536][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556584][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556631][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2522.556688][T25406]  ? __pfx_down_write+0x10/0x10
[ 2522.556754][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2522.556827][T25406]  ext4_map_blocks+0x570/0x1400
[ 2522.556882][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2522.556924][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.556970][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557016][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2522.557079][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557124][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2522.557177][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557222][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2522.557272][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2522.557319][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557381][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2522.557433][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557485][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2522.557530][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557574][T25406]  ext4_writepages+0x37a/0x7d0
[ 2522.557621][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2522.557667][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557712][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2522.557784][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.557828][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2522.557893][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2522.557941][T25406]  do_writepages+0x27a/0x600
[ 2522.557995][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2522.558042][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558086][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2522.558144][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2522.558198][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2522.558249][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2522.558299][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558345][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2522.558386][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558434][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2522.558493][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2522.558573][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558617][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2522.558666][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558711][T25406]  ? queue_io+0x3f6/0x520
[ 2522.558754][T25406]  wb_writeback+0x419/0xb70
[ 2522.558806][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2522.558858][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558909][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.558953][T25406]  ? mark_held_locks+0x49/0x80
[ 2522.559014][T25406]  wb_workfn+0x14d/0xbe0
[ 2522.559066][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2522.559111][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2522.559164][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559210][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559258][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559303][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2522.559352][T25406]  process_one_work+0x9cf/0x1b70
[ 2522.559400][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2522.559462][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2522.559504][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559554][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559599][T25406]  ? assign_work+0x1a0/0x250
[ 2522.559635][T25406]  worker_thread+0x6c8/0xf10
[ 2522.559679][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559725][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559770][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2522.559824][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.559874][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2522.559915][T25406]  kthread+0x3c5/0x780
[ 2522.559950][T25406]  ? __pfx_kthread+0x10/0x10
[ 2522.559987][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2522.560031][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2522.560078][T25406]  ? __pfx_kthread+0x10/0x10
[ 2522.560114][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2522.560148][T25406]  ? __pfx_kthread+0x10/0x10
[ 2522.560184][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2522.560241][T25406]  </TASK>
[ 2522.560255][T25406] 
[ 2523.079738][T25406] The buggy address belongs to the physical page:
[ 2523.086231][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2523.095171][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2523.102287][T25406] page_type: f0(buddy)
[ 2523.106361][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2523.114949][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2523.123526][T25406] page dumped because: kasan: bad access detected
[ 2523.129934][T25406] page_owner tracks the page as freed
[ 2523.135335][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2523.153081][T25406]  post_alloc_hook+0x1c0/0x230
[ 2523.157902][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2523.163481][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2523.169425][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2523.174285][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2523.179670][T25406]  shmem_alloc_folio+0x135/0x160
[ 2523.184623][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2523.190276][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2523.195500][T25406]  shmem_fault+0x1fe/0xa30
[ 2523.199946][T25406]  __do_fault+0x10d/0x490
[ 2523.204300][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2523.209084][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2523.214221][T25406]  handle_mm_fault+0x589/0xd10
[ 2523.219009][T25406]  __get_user_pages+0x551/0x34a0
[ 2523.223964][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2523.229440][T25406]  __mm_populate+0x1d8/0x380
[ 2523.234048][T25406] page last free pid 303 tgid 302 stack trace:
[ 2523.240193][T25406]  free_unref_folios+0xa61/0x16b0
[ 2523.245252][T25406]  folios_put_refs+0x56f/0x740
[ 2523.250048][T25406]  shmem_undo_range+0x58f/0x1150
[ 2523.255017][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2523.259981][T25406]  evict+0x3e6/0x920
[ 2523.263890][T25406]  iput+0x521/0x880
[ 2523.267713][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2523.272835][T25406]  __dentry_kill+0x1d0/0x600
[ 2523.277441][T25406]  dput.part.0+0x4b1/0x9b0
[ 2523.281872][T25406]  dput+0x1f/0x30
[ 2523.285516][T25406]  __fput+0x51c/0xb70
[ 2523.289505][T25406]  task_work_run+0x150/0x240
[ 2523.294110][T25406]  do_exit+0x86f/0x2bf0
[ 2523.298287][T25406]  do_group_exit+0xd3/0x2a0
[ 2523.302842][T25406]  get_signal+0x2673/0x26d0
[ 2523.307359][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2523.312952][T25406] 
[ 2523.315268][T25406] Memory state around the buggy address:
[ 2523.320899][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2523.328983][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2523.337050][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2523.345136][T25406]                                                                 ^
[ 2523.353307][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2523.361794][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2523.369884][T25406] ==================================================================
[ 2523.384836][T25406] ==================================================================
[ 2523.392947][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x5119/0x5fe0
[ 2523.400896][T25406] Read of size 4 at addr ffff8880126e4ff8 by task kworker/u8:8/25406
[ 2523.408954][T25406] 
[ 2523.411362][T25406] CPU: 0 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2523.411405][T25406] Tainted: [B]=BAD_PAGE
[ 2523.411417][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2523.411438][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2523.411489][T25406] Call Trace:
[ 2523.411500][T25406]  <TASK>
[ 2523.411512][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2523.411554][T25406]  print_report+0xcd/0x630
[ 2523.411580][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.411616][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.411651][T25406]  ? __phys_addr+0xe8/0x180
[ 2523.411691][T25406]  ? ext4_ext_map_blocks+0x5119/0x5fe0
[ 2523.411732][T25406]  kasan_report+0xe0/0x110
[ 2523.411760][T25406]  ? ext4_ext_map_blocks+0x5119/0x5fe0
[ 2523.411805][T25406]  ext4_ext_map_blocks+0x5119/0x5fe0
[ 2523.411854][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.411889][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2523.411929][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2523.411969][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412008][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412044][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2523.412117][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2523.412159][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412196][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412232][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2523.412277][T25406]  ? __pfx_down_write+0x10/0x10
[ 2523.412324][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2523.412375][T25406]  ext4_map_blocks+0x570/0x1400
[ 2523.412408][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2523.412440][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412475][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412510][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2523.412557][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412592][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2523.412633][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412668][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2523.412706][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2523.412742][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412792][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2523.412832][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412874][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2523.412908][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.412947][T25406]  ext4_writepages+0x37a/0x7d0
[ 2523.412984][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2523.413020][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413054][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2523.413111][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413146][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2523.413213][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2523.413256][T25406]  do_writepages+0x27a/0x600
[ 2523.413296][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2523.413332][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413367][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2523.413413][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2523.413453][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2523.413494][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2523.413533][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413568][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2523.413599][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413637][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2523.413684][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2523.413748][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413783][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2523.413819][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.413855][T25406]  ? queue_io+0x3f6/0x520
[ 2523.413889][T25406]  wb_writeback+0x419/0xb70
[ 2523.413931][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2523.413967][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414008][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414044][T25406]  ? mark_held_locks+0x49/0x80
[ 2523.414091][T25406]  wb_workfn+0x14d/0xbe0
[ 2523.414137][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2523.414173][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2523.414213][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414250][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414306][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414349][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2523.414389][T25406]  process_one_work+0x9cf/0x1b70
[ 2523.414428][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2523.414478][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2523.414511][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414551][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414586][T25406]  ? assign_work+0x1a0/0x250
[ 2523.414615][T25406]  worker_thread+0x6c8/0xf10
[ 2523.414651][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414687][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414722][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2523.414765][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414801][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2523.414834][T25406]  kthread+0x3c5/0x780
[ 2523.414863][T25406]  ? __pfx_kthread+0x10/0x10
[ 2523.414892][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2523.414928][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2523.414964][T25406]  ? __pfx_kthread+0x10/0x10
[ 2523.414994][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2523.415021][T25406]  ? __pfx_kthread+0x10/0x10
[ 2523.415049][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2523.415094][T25406]  </TASK>
[ 2523.415110][T25406] 
[ 2523.935687][T25406] The buggy address belongs to the physical page:
[ 2523.942105][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2523.951054][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2523.958175][T25406] page_type: f0(buddy)
[ 2523.962367][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2523.970963][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2523.979541][T25406] page dumped because: kasan: bad access detected
[ 2523.986163][T25406] page_owner tracks the page as freed
[ 2523.991541][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2524.009357][T25406]  post_alloc_hook+0x1c0/0x230
[ 2524.014185][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2524.019782][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2524.025728][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2524.030582][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2524.035984][T25406]  shmem_alloc_folio+0x135/0x160
[ 2524.040949][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2524.046591][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2524.051832][T25406]  shmem_fault+0x1fe/0xa30
[ 2524.056317][T25406]  __do_fault+0x10d/0x490
[ 2524.060675][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2524.065490][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2524.070613][T25406]  handle_mm_fault+0x589/0xd10
[ 2524.075404][T25406]  __get_user_pages+0x551/0x34a0
[ 2524.080348][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2524.085988][T25406]  __mm_populate+0x1d8/0x380
[ 2524.090602][T25406] page last free pid 303 tgid 302 stack trace:
[ 2524.096752][T25406]  free_unref_folios+0xa61/0x16b0
[ 2524.101805][T25406]  folios_put_refs+0x56f/0x740
[ 2524.106614][T25406]  shmem_undo_range+0x58f/0x1150
[ 2524.111647][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2524.116628][T25406]  evict+0x3e6/0x920
[ 2524.120545][T25406]  iput+0x521/0x880
[ 2524.124382][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2524.129504][T25406]  __dentry_kill+0x1d0/0x600
[ 2524.134212][T25406]  dput.part.0+0x4b1/0x9b0
[ 2524.138645][T25406]  dput+0x1f/0x30
[ 2524.142286][T25406]  __fput+0x51c/0xb70
[ 2524.146286][T25406]  task_work_run+0x150/0x240
[ 2524.150908][T25406]  do_exit+0x86f/0x2bf0
[ 2524.155196][T25406]  do_group_exit+0xd3/0x2a0
[ 2524.159735][T25406]  get_signal+0x2673/0x26d0
[ 2524.164281][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2524.169839][T25406] 
[ 2524.172161][T25406] Memory state around the buggy address:
[ 2524.177788][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2524.185880][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2524.193940][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2524.202000][T25406]                                                                 ^
[ 2524.210026][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2524.218095][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2524.226152][T25406] ==================================================================
[ 2524.238480][T25406] ==================================================================
[ 2524.246553][T25406] BUG: KASAN: use-after-free in ext4_ext_map_blocks+0x5151/0x5fe0
[ 2524.254493][T25406] Read of size 2 at addr ffff8880126e4ffe by task kworker/u8:8/25406
[ 2524.262649][T25406] 
[ 2524.264975][T25406] CPU: 0 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2524.265028][T25406] Tainted: [B]=BAD_PAGE
[ 2524.265041][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2524.265067][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2524.265131][T25406] Call Trace:
[ 2524.265144][T25406]  <TASK>
[ 2524.265159][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2524.265211][T25406]  print_report+0xcd/0x630
[ 2524.265243][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265287][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265330][T25406]  ? __phys_addr+0xe8/0x180
[ 2524.265380][T25406]  ? ext4_ext_map_blocks+0x5151/0x5fe0
[ 2524.265432][T25406]  kasan_report+0xe0/0x110
[ 2524.265466][T25406]  ? ext4_ext_map_blocks+0x5151/0x5fe0
[ 2524.265521][T25406]  ext4_ext_map_blocks+0x5151/0x5fe0
[ 2524.265580][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265622][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2524.265672][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2524.265720][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265766][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265809][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2524.265867][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2524.265915][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.265959][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266003][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2524.266055][T25406]  ? __pfx_down_write+0x10/0x10
[ 2524.266109][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2524.266171][T25406]  ext4_map_blocks+0x570/0x1400
[ 2524.266212][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2524.266250][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266292][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266334][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2524.266393][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266436][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2524.266486][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266528][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2524.266575][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2524.266619][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266682][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2524.266731][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266780][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2524.266822][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.266870][T25406]  ext4_writepages+0x37a/0x7d0
[ 2524.266914][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2524.266957][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267000][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2524.267066][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267109][T25406]  ? __lock_acquire+0xb97/0x1ce0
[ 2524.267165][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2524.267210][T25406]  do_writepages+0x27a/0x600
[ 2524.267259][T25406]  ? __pfx_do_writepages+0x10/0x10
[ 2524.267303][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267346][T25406]  ? reacquire_held_locks+0xcd/0x1f0
[ 2524.267401][T25406]  ? writeback_sb_inodes+0x3b0/0xfa0
[ 2524.267450][T25406]  __writeback_single_inode+0x160/0xfb0
[ 2524.267500][T25406]  ? __pfx___writeback_single_inode+0x10/0x10
[ 2524.267547][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267590][T25406]  ? do_raw_spin_unlock+0x172/0x230
[ 2524.267628][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267673][T25406]  writeback_sb_inodes+0x60d/0xfa0
[ 2524.267729][T25406]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 2524.267805][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267847][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2524.267897][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.267939][T25406]  ? queue_io+0x3f6/0x520
[ 2524.267980][T25406]  wb_writeback+0x419/0xb70
[ 2524.268031][T25406]  ? __pfx_wb_writeback+0x10/0x10
[ 2524.268075][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268123][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268166][T25406]  ? mark_held_locks+0x49/0x80
[ 2524.268224][T25406]  wb_workfn+0x14d/0xbe0
[ 2524.268273][T25406]  ? try_to_wake_up+0x160/0x1870
[ 2524.268316][T25406]  ? __pfx_wb_workfn+0x10/0x10
[ 2524.268365][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268409][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268455][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268497][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2524.268544][T25406]  process_one_work+0x9cf/0x1b70
[ 2524.268590][T25406]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[ 2524.268649][T25406]  ? __pfx_process_one_work+0x10/0x10
[ 2524.268689][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268736][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268779][T25406]  ? assign_work+0x1a0/0x250
[ 2524.268814][T25406]  worker_thread+0x6c8/0xf10
[ 2524.268861][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268904][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.268947][T25406]  ? __kthread_parkme+0x19e/0x250
[ 2524.268999][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.269043][T25406]  ? __pfx_worker_thread+0x10/0x10
[ 2524.269082][T25406]  kthread+0x3c5/0x780
[ 2524.269115][T25406]  ? __pfx_kthread+0x10/0x10
[ 2524.269151][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2524.269193][T25406]  ? rcu_is_watching+0x12/0xc0
[ 2524.269237][T25406]  ? __pfx_kthread+0x10/0x10
[ 2524.269272][T25406]  ret_from_fork+0x5d7/0x6f0
[ 2524.269305][T25406]  ? __pfx_kthread+0x10/0x10
[ 2524.269339][T25406]  ret_from_fork_asm+0x1a/0x30
[ 2524.269393][T25406]  </TASK>
[ 2524.269405][T25406] 
[ 2524.789543][T25406] The buggy address belongs to the physical page:
[ 2524.795973][T25406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3e5 pfn:0x126e4
[ 2524.805001][T25406] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2524.812122][T25406] page_type: f0(buddy)
[ 2524.816192][T25406] raw: 00fff00000000000 ffffea0001d8ce08 ffffea00012f0088 0000000000000000
[ 2524.824783][T25406] raw: 00000000000003e5 0000000000000000 00000000f0000000 0000000000000000
[ 2524.833361][T25406] page dumped because: kasan: bad access detected
[ 2524.839800][T25406] page_owner tracks the page as freed
[ 2524.845252][T25406] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 303, tgid 302 (syz.7.8407), ts 2513523256396, free_ts 2516257273897
[ 2524.863208][T25406]  post_alloc_hook+0x1c0/0x230
[ 2524.868025][T25406]  get_page_from_freelist+0x132b/0x38e0
[ 2524.873633][T25406]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 2524.879561][T25406]  alloc_pages_mpol+0x1fb/0x550
[ 2524.884423][T25406]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 2524.889810][T25406]  shmem_alloc_folio+0x135/0x160
[ 2524.894805][T25406]  shmem_alloc_and_add_folio+0x499/0xc20
[ 2524.900471][T25406]  shmem_get_folio_gfp+0x67f/0x1600
[ 2524.905709][T25406]  shmem_fault+0x1fe/0xa30
[ 2524.910153][T25406]  __do_fault+0x10d/0x490
[ 2524.914512][T25406]  do_pte_missing+0xf50/0x3ba0
[ 2524.919391][T25406]  __handle_mm_fault+0x152a/0x2a50
[ 2524.924764][T25406]  handle_mm_fault+0x589/0xd10
[ 2524.929578][T25406]  __get_user_pages+0x551/0x34a0
[ 2524.934533][T25406]  populate_vma_page_range+0x267/0x3f0
[ 2524.940012][T25406]  __mm_populate+0x1d8/0x380
[ 2524.944621][T25406] page last free pid 303 tgid 302 stack trace:
[ 2524.950773][T25406]  free_unref_folios+0xa61/0x16b0
[ 2524.955824][T25406]  folios_put_refs+0x56f/0x740
[ 2524.960678][T25406]  shmem_undo_range+0x58f/0x1150
[ 2524.965745][T25406]  shmem_evict_inode+0x3a1/0xbe0
[ 2524.970712][T25406]  evict+0x3e6/0x920
[ 2524.974625][T25406]  iput+0x521/0x880
[ 2524.978736][T25406]  dentry_unlink_inode+0x29c/0x480
[ 2524.983885][T25406]  __dentry_kill+0x1d0/0x600
[ 2524.988526][T25406]  dput.part.0+0x4b1/0x9b0
[ 2524.993176][T25406]  dput+0x1f/0x30
[ 2524.996916][T25406]  __fput+0x51c/0xb70
[ 2525.000912][T25406]  task_work_run+0x150/0x240
[ 2525.005509][T25406]  do_exit+0x86f/0x2bf0
[ 2525.009729][T25406]  do_group_exit+0xd3/0x2a0
[ 2525.014257][T25406]  get_signal+0x2673/0x26d0
[ 2525.018797][T25406]  arch_do_signal_or_restart+0x8f/0x7d0
[ 2525.024365][T25406] 
[ 2525.026687][T25406] Memory state around the buggy address:
[ 2525.032449][T25406]  ffff8880126e4e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2525.040532][T25406]  ffff8880126e4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2525.048688][T25406] >ffff8880126e4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2525.056776][T25406]                                                                 ^
[ 2525.064750][T25406]  ffff8880126e5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2525.072823][T25406]  ffff8880126e5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2525.080897][T25406] ==================================================================
[ 2525.099565][T25406] ==================================================================
[ 2525.107927][T25406] BUG: KASAN: use-after-free in ext4_ext_search_right+0x8eb/0xba0
[ 2525.115854][T25406] Read of size 2 at addr ffff8880126e4ffc by task kworker/u8:8/25406
[ 2525.123941][T25406] 
[ 2525.126275][T25406] CPU: 1 UID: 0 PID: 25406 Comm: kworker/u8:8 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[ 2525.126318][T25406] Tainted: [B]=BAD_PAGE
[ 2525.126330][T25406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2525.126352][T25406] Workqueue: writeback wb_workfn (flush-7:9)
[ 2525.126407][T25406] Call Trace:
[ 2525.126422][T25406]  <TASK>
[ 2525.126438][T25406]  dump_stack_lvl+0x116/0x1f0
[ 2525.126490][T25406]  print_report+0xcd/0x630
[ 2525.126516][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.126553][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.126587][T25406]  ? __phys_addr+0xe8/0x180
[ 2525.126632][T25406]  ? ext4_ext_search_right+0x8eb/0xba0
[ 2525.126685][T25406]  kasan_report+0xe0/0x110
[ 2525.126724][T25406]  ? ext4_ext_search_right+0x8eb/0xba0
[ 2525.126794][T25406]  ext4_ext_search_right+0x8eb/0xba0
[ 2525.126856][T25406]  ? ext4_ext_map_blocks+0x5151/0x5fe0
[ 2525.126929][T25406]  ext4_ext_map_blocks+0x134b/0x5fe0
[ 2525.127008][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127065][T25406]  ? stack_trace_save+0x8e/0xc0
[ 2525.127141][T25406]  ? __pfx_stack_trace_save+0x10/0x10
[ 2525.127201][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127242][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127277][T25406]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 2525.127321][T25406]  ? ext4_do_writepages+0x167b/0x3cf0
[ 2525.127360][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127397][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127433][T25406]  ? __pfx___might_resched+0x10/0x10
[ 2525.127476][T25406]  ? __pfx_down_write+0x10/0x10
[ 2525.127535][T25406]  ? ext4_es_lookup_extent+0xc7/0xc50
[ 2525.127601][T25406]  ext4_map_blocks+0x570/0x1400
[ 2525.127635][T25406]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 2525.127666][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127701][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127735][T25406]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[ 2525.127784][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127818][T25406]  ? ext4_ext_index_trans_blocks+0x159/0x190
[ 2525.127859][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.127895][T25406]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[ 2525.127934][T25406]  ext4_do_writepages+0x1ffa/0x3cf0
[ 2525.127970][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.128021][T25406]  ? __pfx_ext4_do_writepages+0x10/0x10
[ 2525.128062][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.128102][T25406]  ? ext4_writepages+0x37a/0x7d0
[ 2525.128144][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.128178][T25406]  ext4_writepages+0x37a/0x7d0
[ 2525.128215][T25406]  ? __pfx_ext4_writepages+0x10/0x10
[ 2525.128250][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2525.128285][T25406]  ? __lock_acquire+0x62e/0x1ce0
[ 2525.128338][T25406]  ? srso_alias_return_thunk+0x5/0xfbef5