last executing test programs:

1.425293883s ago: executing program 1 (id=3192):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x10}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000a0", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @multicast2}}}}}}}, 0x0)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0xf, 0x7ffc0001}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x437, 0x1, 0x25dfdbb8, {0x0, 0x0, 0x0, r1, 0x40c89}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0xb}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1000005, 0x32, 0x0, 0x471ac000)
faccessat2(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1200)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r4, r5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYBLOB='('], &(0x7f00000001c0), 0x1200)

1.395129514s ago: executing program 1 (id=3196):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = dup(r0)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

1.370603434s ago: executing program 1 (id=3198):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x303, 0x0, 0xfffffffc}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x4c, r1, 0x8, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x800}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40014}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
pipe2$9p(&(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = dup(r5)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}})
getsockopt$WPAN_WANTLQI(r6, 0x0, 0x3, &(0x7f0000000300), &(0x7f00000003c0)=0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7, 0x0, 0x2}, 0x18)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e0000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af030006000000000002004e20ac1414bb000000000000000002000100000000000000070c00000000030005000000000002004e20ac1e01010000000000000000010014"], 0x70}, 0x1, 0x7}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x74903, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x145402, 0x1d2)
symlinkat(&(0x7f00000000c0)='./file0\x00', r9, &(0x7f0000000100)='./file0\x00')
keyctl$chown(0x6, 0x0, 0x0, 0x0)
write$binfmt_misc(r9, &(0x7f0000000240)="93a3fee913f62d4a4ba4068053a34f772a9dbcbeb47f19b4b270d615a40dcc4b24d52c08efd739eaf2e8a4cdc3c217883acde0943f657200202e4f911bcbc855a2b4108111c3e680c6f482f95d838462cab8dcfae0adb61424cc75eceacd1e803d6db634df2564ebc2d63f1633e635836baabca13572d839cf1581c829da1eb4a351e87d004756", 0x87)
write$vga_arbiter(r8, &(0x7f0000000340)=ANY=[@ANYBLOB='decodes mem'], 0xc)
socket(0x2a, 0x3, 0x0)

1.337513445s ago: executing program 1 (id=3200):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000003000000000000000000050018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kfree\x00', r3}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
setuid(0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x895}, 0x0)

1.295376095s ago: executing program 1 (id=3204):
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = dup(r1)
write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

1.239013207s ago: executing program 1 (id=3209):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv', 0x2)
connect$inet(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="34000000040601040000000000000000030000040900020073797a32000000000900020073797a310000000005000100070000002f71bfe9b0e9a6625e091b6d55f75e3c000aad05c9dc0d57d6f6c8bff20322f49c6ad2843c79804bbc5caeb9751e2537d8dfb90983f5b27b7263f24c1ba06265e6c0f304e20bcf4ea0d419bdd897abef6b9ac8dea48e08ef9e31d53043f418589cbc1d69071450ab1a2b73b6db0a804ba575b71621ba7ed3bc81e882161fd2087691caa4df28d05b01e4b14b5e3c8911a9185c0eb125ec788b84fa559b0f9bafdc6975b666a3b342ffb00537dd4d9e2099aa3520191463eb37e0750f783be98bca1f772038e5007ce0290ba82c72c7de2d057e"], 0x34}}, 0x4000000)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
syz_read_part_table(0x406a, &(0x7f0000008100)="$eJzsz0FK62AUBeDzv7y2EQJF0JEgFufSoaPsonPpGhyrmJ04FBcgOHY7biFCi6UpKIKIKN83CPdy7glJ+Fnjzx7Wm6kkeVw+7Cc5maWbz9fh/7d8b7tWVs8myWWSyfCdi/svfTsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCb/Rts1ztpvZmWR+mu2pw3SX04TW6rjNrjkoNkdrY+qbabVZ7GSUqSl6RZTL/xHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAP+RisE124+aD6t1puna0Gm+S9H3fDw9K8vxOt35ldw4GAABAAIidZJJR5tB7I1jNProAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCxAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04kAEAAAAQ5m+dR/sBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgpAAD//8MFExM=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000000000005ff030000000000000200000d"], &(0x7f0000000f40)=""/4089, 0x4a, 0xff9, 0xa, 0x7fb}, 0x28)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffe}, 0x94)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r3, &(0x7f0000002f80)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)

1.196385708s ago: executing program 3 (id=3213):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd70000000000025000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)

1.149025459s ago: executing program 3 (id=3216):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000003000000000000000000050018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kfree\x00', r3}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
setuid(0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x895}, 0x0)

1.117437909s ago: executing program 3 (id=3219):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000200)=ANY=[@ANYBLOB="eb022000010000009a"])

997.588101ms ago: executing program 3 (id=3222):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x10001}, 0x18)
execve(0x0, 0x0, 0x0)

898.335193ms ago: executing program 3 (id=3227):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r1, &(0x7f0000000040)='system_u:object_r:pam_console_exec_t:s0\x00', 0x12)

864.023254ms ago: executing program 3 (id=3229):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a000000040000000c0000000b"], 0x50)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1e, 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x9, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='cdg', 0x3)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='bbr', 0x3)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xe}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=@newqdisc={0x470, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x43c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x3, 0x2, 0x4, 0x15da, 0x6d, 0x101, 0xb0, 0x6, 0x1, 0x4, 0x9, 0x8, 0x5, 0xba000000, 0xfffffff9, 0x7d, 0x4, 0xc70b, 0x8, 0x2, 0x1fe00, 0x6, 0xc, 0x5, 0x7, 0x1, 0x10000, 0x6, 0x5a, 0x4, 0xc0, 0xfffffffd, 0x6, 0x5, 0x8, 0xb36, 0x8, 0x6, 0xffff5574, 0x7, 0x4, 0x7fffffff, 0x359, 0x0, 0xd2, 0x5, 0x3, 0x7, 0x0, 0x0, 0x6, 0xe, 0x36ad, 0xfffffffd, 0x200, 0x4, 0x1, 0x36, 0x4764, 0x6, 0x80000001, 0xffffffff, 0x17, 0x8, 0x2, 0x9, 0xe35, 0x8000, 0x3, 0x7, 0x3, 0x9, 0x80, 0x4, 0x8, 0xb9a, 0x7, 0x3, 0x0, 0x5, 0x6, 0x3, 0xb, 0xc26, 0x6, 0x2, 0x80000000, 0x4, 0x9, 0x5, 0xffffd287, 0x0, 0x5, 0x0, 0x10001, 0x5, 0x3, 0x2, 0x7, 0xfff, 0x3, 0x4, 0xa53, 0x6, 0xfffff8fe, 0x1, 0x0, 0xee5b, 0x6, 0x2d0, 0x1, 0x2, 0x4d, 0x8001, 0xffffffff, 0x219a, 0x8001, 0x0, 0xb5f, 0x40, 0x8001, 0x9, 0x7cc, 0x6, 0x39, 0xf, 0x1, 0x7, 0x5f, 0xffffd932, 0x7ff, 0x9, 0x3, 0x1, 0x1, 0xf0, 0x4, 0xff, 0x5, 0x8001, 0x9, 0x0, 0x3, 0x1, 0x101, 0x1, 0x7ff, 0xf, 0x7a, 0x10, 0x0, 0x6, 0x8, 0x8, 0x2, 0x6, 0x6, 0x0, 0x6, 0x7, 0x7fffffff, 0x9, 0x0, 0x7c63, 0x0, 0x80000001, 0x4, 0x1, 0x8000, 0x1, 0x80b2, 0x0, 0x8, 0x7, 0x495c0ff, 0x4, 0x5, 0x2, 0x400, 0x4, 0xb, 0xfffffffb, 0x2, 0x5, 0x7, 0x67f, 0x166, 0x4, 0xf0fe, 0x1e25, 0x7, 0x1, 0x7ff, 0x7fffffff, 0x3, 0x2, 0x10001, 0xd, 0xfffffff8, 0xd8, 0x1, 0x100, 0x1ff, 0x40, 0x5, 0x80000000, 0xfffffffd, 0x10, 0x9, 0x1, 0x6, 0x81, 0x9, 0x5, 0x304, 0xd, 0x9, 0x7, 0x3, 0xe, 0x1, 0xfffeffff, 0x7, 0x26e8f82f, 0x2, 0xe37, 0x7, 0x80000001, 0x6, 0x101, 0x1, 0x5, 0x80, 0x3ff, 0xfffffffe, 0x7, 0x679, 0x7, 0x7, 0xffffffa6, 0x9, 0x5, 0x3, 0x9, 0xc2, 0x5, 0xfffffffc, 0x0, 0x250, 0xfffffffd, 0xe253, 0x80000001, 0xcca, 0xd, 0x3, 0x4]}, @TCA_TBF_RATE64={0xc, 0x4, 0xec73e2f8611702aa}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x9}, {0x2, 0x0, 0x5, 0x0, 0x0, 0x40}}}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x249}]}, 0x470}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r6], 0x20}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)

670.146278ms ago: executing program 4 (id=3240):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd70000000000025000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)

622.040189ms ago: executing program 0 (id=3242):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f00000014c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3e, 0xb0, 0x1000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "44cb6d37c6818e519c60ca92b05c8ad4ae74ea79fdb58e2b7f29fa51c12f5cbb", "ff9ce0c19fb809804c2ff3c5412218a7d847fbc93cfef70c00506d947ea54e7f53d1fdc46c7f32f5461c69dbb12ae334", "93789889a9e2835b672961b74d925e86afc527fa482ea332ce27b8a5", {"2e5da89a0ace8edabc766b388285d39f", "375c5bef000000000d4600001000"}}}}}}}, 0x0)

615.522129ms ago: executing program 4 (id=3243):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xffffffffffffff0b, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x0, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x14048841)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='name', &(0x7f00000000c0)='\x00\x1f\"\f\x00\x00\"\x00\x04\x00\x00', 0x0)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000002300)=""/4077, 0xfed}], 0x1)

561.21858ms ago: executing program 0 (id=3244):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fd\x00')
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x10}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000a0", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @multicast2}}}}}}}, 0x0)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0xf, 0x7ffc0001}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x437, 0x1, 0x25dfdbb8, {0x0, 0x0, 0x0, r2, 0x40c89}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0xb}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1000005, 0x32, 0x0, 0x471ac000)
faccessat2(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1200)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r5, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000580)=ANY=[@ANYBLOB='('], &(0x7f00000001c0), 0x1200)

531.475741ms ago: executing program 4 (id=3245):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000200)=ANY=[@ANYBLOB="eb022000010000009a"])

477.932771ms ago: executing program 2 (id=3246):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fddb9f250f00000008003c00ff0f000008002b000100010008000300", @ANYRES32=r2], 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x40)

477.439941ms ago: executing program 0 (id=3247):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x7fff}, 0x18)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8080)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, 0x0)

452.991092ms ago: executing program 2 (id=3248):
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0xff}}]}, 0x0, 0x4ed, &(0x7f0000000c00)="$eJzs3U1oHNcdAPD/riRbklV/tRTbhVrUBfcDa/VBseT20lPbg6HU0EsLriqtVVcrrdCuXEv4ILc3H1ooLS2EHHLPIedc4lNMIOSc3EMOwSFxFEgCgQ0zu2tLK62yJPKurfn9YO33Znbn/56H/3jmzVcAmTWa/JGLGImItyLiRL268wujEaO5/th6dGcu+eSiVrv2YS79XlJvfrX5u2MRsRkRgxHxu19F/Dm3O25lfWNxtlQqrjbqherSSqGyvnHp5tLsQnGhuDwxfXlmZnp8anLmwPp6759/vXf11d8cefnTfzx88O/XX0uaNdKYt70fB6ne9YE4tW1af0T84mkE64G+Rn+Get0QvpZk/X07Ii6k+X8i+tK1CWRBrVarfVE72m72Zg04tPLpPnAuPxYR9XI+PzZW34f/TgznS+VK9ac3ymvL8/V95ZMxkL9xs1QcbxwrnIyBXFKfSMtP6pMt9amIdB/4P31DaX1srlya7+6mDmhxrCX/P+mr5z+QEQ75IbvkP2SX/Ifskv+QXfvn/7+61g6g+/z/D9kl/yG75D9kl/yH7JL/kF3yHzLpt1evJp9a8/73+Vvra4vlW5fmi5XFsaW1ubG58urK2EK5vJDes7P0VcsrlcsrEz+LtduFarFSLVTWN64vldeWq9fT+/qvFwe60iugE6fO338nFxGbV2Jw80r9KQ5HGvPkKhxutVouen0PMtAbfb3eAAE9Y+gPsssxPtD6iN7W/YLBdj9ceTJeCDxf8r1uANAzF882z/8Nxfbzf/2ODeDQM/4P2WX8H7LLPj6wxyv6dthv/B94Phn/h+waafP+r29te3fXeEQcj4i3+waONt/1BRwG+fdzjf3/iyd+OPJk+g/Sy3qO5D5LTxEklb+9cO1/t2er1dWJZPpHj6dX/9+YPrltsW0PGIBeaeZpM48BgOzaenRnrvnpZtwPflm/CGF3/P7G2ORgeo5yeCu341qF3AFdu7B5NyLO7BU/13jfef1AZnirb1f8042/c/VFpO3tT9+b3p34Z7fF//62+Oe+8b8KZMP9ZPszvlf+5dOcjsf5t3P7M3JA10603/7lm9u/oVca323N//MdxvjLi39/r238uxHn9ozf7O9gGqu1/0nbLnYY/+Eff//ddvNqL9WXs1f8pqRUqC6tFCrrG5fS58gtFJcnpi/PzEyPT03OFNIx6kJzpHq3n59588F+/R9uE3+//ifTftxh/z//3ht/GN0n/o8u7L3+T+8TfygiftJh/I8n3/1Tu3lJ/Pk2/c/vEz+ZNtVh/Mp/f320WT7e4W8AgKensr6xOFsqFVcVnu/CwDO9KpuPiHhW2tN5oZkoTzHE3Wejpy2F3m2TgO6orCeH5knS97olAAAAAAAAAAAAQKe6cTlxr/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAYfBkAAP//FpnNsw==")
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
r3 = memfd_create(&(0x7f0000000900)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x16\xfd\x9c\x84\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\x97d\x00\x00\x00\x00\x00\x00\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04eo\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZvr\x1c`\xef~?7J\xac\x8b\xd0\xc0\xbcK\xcb\x1e8\xaa\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\xf9\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8d\x18\x9dO\xfat\r\xb0S\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5\r\x00\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc0p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x01\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8d\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\x7f\x00\x00\x00\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{\x86\nl\x11\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x82<\x9e|\xf5\xa4\x05#\x03\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\x04\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\b\x00\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\b\xf9\x98B\xaf\xde\xe6\x01\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00\xb5%\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xc4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\x01o\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6D0\xad\b\xbb\xe7 V\xfcB\xad9\xb5\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5T\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xf5%\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea\x00\x00\x00\x00\x00\x00\x00\x00\x03\xc23l\x9c\xda\xed\x98\x0fK=X\xfdY\n\x0e\x00\x00\x00\x00\x00\x004\xd8\x1e\xa7\nEJ\x9b\x1bb\x80|`\xfb\x16\xcf5F\xac\xae=r\x8c)\x97\x9e7\xd7\x01\x0e\a\x17F\xb8\x1eD\r-\x11o\xa1X\x90\x8f^\xf0S\xb2\xce\x06\xa4\x8e\xc6\x9a:\xd9\x02\x90\x8db\xee\xc7}\xb0W\xea\xcbm\x17.%\"\xec\x9d\x90\xb7[W\xce\xb9^\xa3|\xd4\xeb\xc1\xcd@\x15n/\a\x00\x00\x00O\xaf\xee\x88W\x0f00~\xf2\xe9\xcdm\xb9e|O.\xc8\x85\x1a\xe9\xcf\xe5\x1e\x86\xaa\xed|\x15i\xeb4pv\"\fd\xa4\xf4\xc0\xac\x8eO\xb8\xa8\x8e\x9c\x0f\xf9\x80\x90\xdf3[\xee\r\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\a\x89L\xd7\x84%\x8cY\xfe\xed\x83!\xa0\x91\xf2\x00o30N\x16\x03\xe9\xe2-\xe9\x0e\xca\xdb\x89\x04\x12\xf1\x13\xcf\xd3\x93\x9c\x12\xbf\xb4}\x15`6-\xf1$\xabL\x14\x84\x98\x9d\xc3G\xc7lI=\xb4\x1c\"\x81\v\xaf\xf3)\xa8&\xd1\xe7\xbbk=\xe4\xbbI0P\x0e\xf3\xbb\xf0\x96\xa3}\xb6\x1e_\x97\x14W\x82@\xb4+\xd8\xec\xdf\x8b)M\x91\xb2\x8a\x14\xfb\xc5\xa4\xc5p\xf3\x99H\x02\xc8\x1e\x9f\a\xfel\xf6\xf5\x8b+\xea\xbc`\\\xf3L|\xf4\xafI\x92 \xda,\n\xaf\x96&\x86\xd5\xfeZ\xf4\xc2\xed\x7f\xc8R\x9ap\xe4P\x9f\x06\x0f\x1b\xda\xca\xd4\x81C\xb81\x8c\xdc\xfc]\xdd\xb7S(x\xdf>\v\x15wm\xfa\x8bS\xdf\xed\xe0\xab\x8d\xf0 \xfcU\x13!\x11\xfb*\x86\xe9NF\xa3/`|Fx\xb5\x06y\xe1\xe6#W\xa4\xf5\xc7\xf8\x99\aX\xd5\xd9}n\xf3L \x1b\xd8}U`\xd3\xfeb\xab\x11tz\xf3\xd9l#\xf2R_\x19\xb0\x18\x1a\xf7\xf6\f\xa9!W\xde\xf2\x8a\xd2\xc8\x82\x19T\x03\x88e\xf4\xa9\xdf\x18\xba\xdd\xdd6\xde\xbcc\xf7,\x8c\xaf', 0x2)
fcntl$dupfd(r3, 0x40a, r3)
lseek(r3, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xe, 0x4, 0x4, 0x9}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r5}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00'}, 0x18)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000001300)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
fallocate(r1, 0x0, 0xbf5, 0x2000402)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x3}, 0x18)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_FREE_STREAMS(r7, 0x8008551d, &(0x7f0000000200)=ANY=[@ANYBLOB="eb022000010000009a"])

406.990413ms ago: executing program 4 (id=3249):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x18)
memfd_secret(0x80000)

400.015863ms ago: executing program 0 (id=3250):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3, 0x0, 0x7}, 0x18)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@o_path={0x0, r0}, 0x18)

373.696584ms ago: executing program 4 (id=3251):
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = dup(r1)
write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

305.923875ms ago: executing program 0 (id=3252):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x10}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000a0", 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @mcast1={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @multicast2}}}}}}}, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f00000005c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x437, 0x1, 0x25dfdbb8, {0x0, 0x0, 0x0, r1, 0x40c89}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)}}], 0x1, 0x4040880)

295.802975ms ago: executing program 4 (id=3253):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd70000000000025000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)

288.380775ms ago: executing program 2 (id=3254):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f00000014c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3e, 0xb0, 0x1000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "44cb6d37c6818e519c60ca92b05c8ad4ae74ea79fdb58e2b7f29fa51c12f5cbb", "ff9ce0c19fb809804c2ff3c5412218a7d847fbc93cfef70c00506d947ea54e7f53d1fdc46c7f32f5461c69dbb12ae334", "93789889a9e2835b672961b74d925e86afc527fa482ea332ce27b8a5", {"2e5da89a0ace8edabc766b388285d39f", "375c5bef000000000d4600001000"}}}}}}}, 0x0)

254.423306ms ago: executing program 2 (id=3255):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
close(r0)

190.014437ms ago: executing program 2 (id=3256):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000640101020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/493], 0x310)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)

36.49773ms ago: executing program 0 (id=3257):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000012)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), 0xffffffffffffffff)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000840)={'filter\x00', 0x7, 0x4, 0x3e0, 0x0, 0x0, 0x1f0, 0x2f8, 0x2f8, 0x2f8, 0x4, &(0x7f00000000c0), {[{{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, 0xffffff00, 0x0, 0x8, 0xe, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, {[0x0, 0xff, 0xff, 0xff]}}, {@mac=@broadcast, {[0xff, 0xff, 0x0, 0xff, 0xff]}}, 0x6, 0x4dd1, 0xd89, 0x7, 0x0, 0x7b, 'gretap0\x00', 'geneve0\x00', {}, {0xff}, 0x0, 0x10}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x856, 'syz1\x00', {0x3}}}}, {{@arp={@multicast1, @empty, 0xffffff00, 0xff, 0xc, 0x7, {@mac=@random="c55623b686aa", {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x10, 0x10, 0x0, 0xfffd, 0x7f, 0xcad, 'vxcan1\x00', 'vxcan1\x00', {0xff}, {0xff}, 0x0, 0x42}, 0xc0, 0xe8}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x8000, 0x9}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x44}, @private=0xa010102, 0x0, 0x0, 0x9, 0xe, {@empty, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, {@mac=@broadcast, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, 0x6, 0x6, 0xffff, 0x6, 0x3, 0x43e7, 'virt_wifi0\x00', 'bridge_slave_0\x00', {0xff}, {0xff}, 0x0, 0x359}, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x8, {0xffffffff}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fddb9f250f00000008003c00ff0f000008002b000100010008000300", @ANYRES32=r4, @ANYBLOB="050030000100000005002a00fc0000000500"], 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

0s ago: executing program 2 (id=3258):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x8}]}}]}, 0x4c}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd48", 0x19, 0x0, &(0x7f0000000140)={0x11, 0x8100, r4}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000140)='tlb_flush\x00', r0}, 0x18)

kernel console output (not intermixed with test programs):

ort 1(bridge_slave_0) entered blocking state
[  172.439221][ T9957] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.446748][ T9957] bridge_slave_0: entered allmulticast mode
[  172.454643][ T9957] bridge_slave_0: entered promiscuous mode
[  172.461755][ T9957] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.469650][ T9957] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.477378][ T9957] bridge_slave_1: entered allmulticast mode
[  172.484383][ T9957] bridge_slave_1: entered promiscuous mode
[  172.497831][ T9975] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.509079][   T37] bridge_slave_1: left allmulticast mode
[  172.514804][   T37] bridge_slave_1: left promiscuous mode
[  172.520657][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.529928][   T37] bridge_slave_0: left allmulticast mode
[  172.535711][   T37] bridge_slave_0: left promiscuous mode
[  172.541986][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.643857][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.683562][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.694267][   T37] bond0 (unregistering): Released all slaves
[  172.703620][   T37] bond1 (unregistering): Released all slaves
[  172.712681][   T37] bond2 (unregistering): Released all slaves
[  172.722692][   T37] bond3 (unregistering): Released all slaves
[  172.732983][   T37] bond4 (unregistering): Released all slaves
[  172.742026][   T37] bond5 (unregistering): Released all slaves
[  172.758122][   T37] bond6 (unregistering): Released all slaves
[  172.769689][T10007] loop3: detected capacity change from 0 to 512
[  172.780212][   T37] bond7 (unregistering): Released all slaves
[  172.789667][T10007] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  172.798480][   T37] bond8 (unregistering): Released all slaves
[  172.807864][   T37] bond9 (unregistering): Released all slaves
[  172.817143][T10007] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  172.843178][T10007] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2495: corrupted inode contents
[  172.855783][T10007] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.2495: mark_inode_dirty error
[  172.869277][T10007] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2495: invalid indirect mapped block 1 (level 1)
[  172.876098][ T9957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.911451][ T6351] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.933019][T10007] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2495: corrupted inode contents
[  172.946404][T10005] loop4: detected capacity change from 0 to 32768
[  172.947733][   T29] kauditd_printk_skb: 990 callbacks suppressed
[  172.947747][   T29] audit: type=1326 audit(172.909:21141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9974 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff36fd4eec9 code=0x7ffc0000
[  172.954830][ T9957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.982334][   T29] audit: type=1326 audit(172.919:21142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9974 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff36fd4eec9 code=0x7ffc0000
[  173.021069][   T37] tipc: Disabling bearer <udp:£>
[  173.026274][   T37] tipc: Left network mode
[  173.031012][ T6351] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.033725][T10005]  loop4: p1 p3
[  173.039777][T10007] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  173.059623][ T6351] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.072341][T10007] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2495: corrupted inode contents
[  173.089187][T10007] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.2495: mark_inode_dirty error
[  173.104094][ T6351] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.114019][ T9957] team0: Port device team_slave_0 added
[  173.124159][ T9957] team0: Port device team_slave_1 added
[  173.130781][T10007] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  173.171214][T10015] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2498'.
[  173.181254][T10007] EXT4-fs (loop3): 1 truncate cleaned up
[  173.193261][T10007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.224564][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.246535][ T9957] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.254174][ T9957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.281013][ T9957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.318757][   T29] audit: type=1326 audit(173.269:21143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.345572][   T29] audit: type=1326 audit(173.269:21144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.370527][   T29] audit: type=1326 audit(173.269:21145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.395730][   T29] audit: type=1326 audit(173.269:21146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.420337][   T29] audit: type=1326 audit(173.269:21147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.451250][   T29] audit: type=1326 audit(173.269:21148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.475861][   T29] audit: type=1326 audit(173.269:21149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.499746][   T29] audit: type=1326 audit(173.269:21150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.2.2502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  173.501575][ T9957] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.531323][ T9957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.559565][ T9957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.597979][T10030] loop3: detected capacity change from 0 to 764
[  173.610870][T10030] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  173.621537][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.629131][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.646420][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.653988][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.669842][T10035] tmpfs: Bad value for 'mpol'
[  173.675539][   T37] veth1_macvtap: left promiscuous mode
[  173.680527][T10035] loop3: detected capacity change from 0 to 1024
[  173.689022][   T37] veth0_macvtap: left promiscuous mode
[  173.689391][T10035] EXT4-fs: Ignoring removed orlov option
[  173.701243][   T37] veth1_vlan: left promiscuous mode
[  173.706937][   T37] veth0_vlan: left promiscuous mode
[  173.713890][T10035] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  173.740106][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  173.904619][   T37] team0 (unregistering): Port device team_slave_1 removed
[  173.918554][   T37] team0 (unregistering): Port device team_slave_0 removed
[  173.926969][   T12] smc: removing ib device !yz!
[  174.001879][  T175] smc: removing ib device s
z1
[  174.013333][ T2957] lo speed is unknown, defaulting to 1000
[  174.019561][ T2957] s
z1: Port: 1 Link DOWN
[  174.085316][ T9957] hsr_slave_0: entered promiscuous mode
[  174.099657][ T9957] hsr_slave_1: entered promiscuous mode
[  174.115161][ T9957] debugfs: 'hsr0' already exists in 'hsr'
[  174.121261][ T9957] Cannot create hsr debugfs directory
[  174.164680][T10054] loop4: detected capacity change from 0 to 256
[  174.215415][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.238564][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.290330][T10053] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.312243][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.333771][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.348141][T10053] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.369261][T10053] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.380427][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.392068][T10066] tmpfs: Bad value for 'mpol'
[  174.392317][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.415713][T10066] loop2: detected capacity change from 0 to 1024
[  174.430771][T10066] EXT4-fs: Ignoring removed orlov option
[  174.438839][T10054] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 322, start 00000905)
[  174.473043][T10066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  174.567682][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  174.616274][T10082] tmpfs: Bad value for 'mpol'
[  174.673603][T10082] loop2: detected capacity change from 0 to 1024
[  174.693567][T10082] EXT4-fs: Ignoring removed orlov option
[  174.723932][T10082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  174.825896][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  174.857226][ T9957] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  174.876424][T10089] loop3: detected capacity change from 0 to 512
[  174.877134][ T9957] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  174.897614][T10089] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  174.898638][ T9957] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  174.916782][ T9957] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  174.925249][T10089] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  174.954528][T10094] loop2: detected capacity change from 0 to 128
[  174.965628][T10094] EXT4-fs: Ignoring removed nobh option
[  174.980104][T10094] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  175.002895][T10089] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2524: corrupted inode contents
[  175.022426][T10089] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.2524: mark_inode_dirty error
[  175.047997][T10079] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63 sclass=netlink_route_socket pid=10079 comm=syz.0.2521
[  175.065791][T10089] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2524: invalid indirect mapped block 1 (level 1)
[  175.087655][ T9957] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.096192][T10089] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2524: corrupted inode contents
[  175.111876][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  175.123226][T10089] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  175.140360][ T9957] 8021q: adding VLAN 0 to HW filter on device team0
[  175.154118][T10104] loop4: detected capacity change from 0 to 1024
[  175.164088][T10089] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.2524: corrupted inode contents
[  175.165526][  T175] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.176907][T10089] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.2524: mark_inode_dirty error
[  175.184215][  T175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.197564][T10089] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  175.219263][T10089] EXT4-fs (loop3): 1 truncate cleaned up
[  175.227163][T10089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.227671][T10104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.253684][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.261403][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.271903][T10112] tmpfs: Bad value for 'mpol'
[  175.303318][ T9957] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  175.315323][ T9957] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  175.333655][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.352952][T10116] tmpfs: Bad value for 'mpol'
[  175.418493][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.418711][T10123] loop3: detected capacity change from 0 to 512
[  175.436726][T10123] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  175.459651][ T9957] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.471212][T10127] __nla_validate_parse: 13 callbacks suppressed
[  175.471243][T10127] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2534'.
[  175.511862][T10127] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2534'.
[  175.522518][T10127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2534'.
[  175.532617][T10127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2534'.
[  175.547862][T10137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2536'.
[  175.575088][ T9957] veth0_vlan: entered promiscuous mode
[  175.585813][ T9957] veth1_vlan: entered promiscuous mode
[  175.625981][ T9957] veth0_macvtap: entered promiscuous mode
[  175.634706][ T9957] veth1_macvtap: entered promiscuous mode
[  175.635110][T10147] tmpfs: Bad value for 'mpol'
[  175.647678][ T9957] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.671625][ T9957] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.690036][  T175] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.699993][  T175] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.726811][  T175] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.741457][  T175] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.798884][T10165] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2546'.
[  175.810691][T10165] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2546'.
[  175.822222][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2546'.
[  175.831721][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2546'.
[  175.877317][T10171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2548'.
[  175.889607][T10171] loop3: detected capacity change from 0 to 128
[  175.896865][T10171] EXT4-fs: Ignoring removed nobh option
[  175.906825][T10171] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  175.936087][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  175.996779][T10184] netem: change failed
[  176.055272][T10188] tmpfs: Bad value for 'mpol'
[  176.160755][T10198] loop3: detected capacity change from 0 to 1024
[  176.193813][T10198] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.337356][T10212] FAULT_INJECTION: forcing a failure.
[  176.337356][T10212] name failslab, interval 1, probability 0, space 0, times 0
[  176.350512][T10212] CPU: 1 UID: 0 PID: 10212 Comm: syz.0.2565 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  176.350540][T10212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  176.350598][T10212] Call Trace:
[  176.350604][T10212]  <TASK>
[  176.350612][T10212]  __dump_stack+0x1d/0x30
[  176.350636][T10212]  dump_stack_lvl+0xe8/0x140
[  176.350656][T10212]  dump_stack+0x15/0x1b
[  176.350673][T10212]  should_fail_ex+0x265/0x280
[  176.350774][T10212]  ? __se_sys_mount+0xef/0x2e0
[  176.350798][T10212]  should_failslab+0x8c/0xb0
[  176.350825][T10212]  __kmalloc_cache_noprof+0x4c/0x320
[  176.350853][T10212]  ? memdup_user+0x99/0xd0
[  176.350943][T10212]  __se_sys_mount+0xef/0x2e0
[  176.351010][T10212]  ? fput+0x8f/0xc0
[  176.351041][T10212]  ? ksys_write+0x192/0x1a0
[  176.351141][T10212]  __x64_sys_mount+0x67/0x80
[  176.351162][T10212]  x64_sys_call+0x2b4d/0x2ff0
[  176.351185][T10212]  do_syscall_64+0xd2/0x200
[  176.351219][T10212]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  176.351284][T10212]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  176.351368][T10212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.351388][T10212] RIP: 0033:0x7ff36fd4eec9
[  176.351403][T10212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.351422][T10212] RSP: 002b:00007ff36e7af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  176.351479][T10212] RAX: ffffffffffffffda RBX: 00007ff36ffa5fa0 RCX: 00007ff36fd4eec9
[  176.351492][T10212] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000000000000000
[  176.351505][T10212] RBP: 00007ff36e7af090 R08: 0000200000000080 R09: 0000000000000000
[  176.351518][T10212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.351603][T10212] R13: 00007ff36ffa6038 R14: 00007ff36ffa5fa0 R15: 00007ffe04dafcc8
[  176.351622][T10212]  </TASK>
[  176.643522][T10221] tmpfs: Bad value for 'mpol'
[  176.877019][T10236] FAULT_INJECTION: forcing a failure.
[  176.877019][T10236] name failslab, interval 1, probability 0, space 0, times 0
[  176.890240][T10236] CPU: 0 UID: 0 PID: 10236 Comm: syz.1.2576 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  176.890277][T10236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  176.890289][T10236] Call Trace:
[  176.890298][T10236]  <TASK>
[  176.890305][T10236]  __dump_stack+0x1d/0x30
[  176.890330][T10236]  dump_stack_lvl+0xe8/0x140
[  176.890352][T10236]  dump_stack+0x15/0x1b
[  176.890371][T10236]  should_fail_ex+0x265/0x280
[  176.890396][T10236]  should_failslab+0x8c/0xb0
[  176.890419][T10236]  kmem_cache_alloc_node_noprof+0x57/0x320
[  176.890508][T10236]  ? __alloc_skb+0x101/0x320
[  176.890534][T10236]  __alloc_skb+0x101/0x320
[  176.890559][T10236]  netlink_ack+0xfd/0x500
[  176.890673][T10236]  netlink_rcv_skb+0x192/0x220
[  176.890698][T10236]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  176.890819][T10236]  nfnetlink_rcv+0x16b/0x1690
[  176.890839][T10236]  ? nlmon_xmit+0x4f/0x60
[  176.890869][T10236]  ? consume_skb+0x49/0x150
[  176.890917][T10236]  ? nlmon_xmit+0x4f/0x60
[  176.891024][T10236]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  176.891057][T10236]  ? __dev_queue_xmit+0x1200/0x2000
[  176.891086][T10236]  ? __dev_queue_xmit+0x182/0x2000
[  176.891184][T10236]  ? ref_tracker_free+0x37d/0x3e0
[  176.891216][T10236]  ? __netlink_deliver_tap+0x4dc/0x500
[  176.891360][T10236]  netlink_unicast+0x5c0/0x690
[  176.891436][T10236]  netlink_sendmsg+0x58b/0x6b0
[  176.891465][T10236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.891533][T10236]  __sock_sendmsg+0x145/0x180
[  176.891568][T10236]  ____sys_sendmsg+0x31e/0x4e0
[  176.891684][T10236]  ___sys_sendmsg+0x17b/0x1d0
[  176.891727][T10236]  __x64_sys_sendmsg+0xd4/0x160
[  176.891759][T10236]  x64_sys_call+0x191e/0x2ff0
[  176.891785][T10236]  do_syscall_64+0xd2/0x200
[  176.891853][T10236]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  176.891937][T10236]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  176.891969][T10236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.892077][T10236] RIP: 0033:0x7fb1695aeec9
[  176.892122][T10236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.892142][T10236] RSP: 002b:00007fb16800f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.892163][T10236] RAX: ffffffffffffffda RBX: 00007fb169805fa0 RCX: 00007fb1695aeec9
[  176.892176][T10236] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  176.892189][T10236] RBP: 00007fb16800f090 R08: 0000000000000000 R09: 0000000000000000
[  176.892203][T10236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.892295][T10236] R13: 00007fb169806038 R14: 00007fb169805fa0 R15: 00007fff364cb9f8
[  176.892317][T10236]  </TASK>
[  177.228300][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.246704][T10246] tmpfs: Bad value for 'mpol'
[  177.350664][T10258] loop4: detected capacity change from 0 to 1024
[  177.397283][T10258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.397869][T10261] vhci_hcd: invalid port number 96
[  177.416188][T10261] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  177.660203][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.695788][T10298] FAULT_INJECTION: forcing a failure.
[  177.695788][T10298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.709726][T10298] CPU: 1 UID: 0 PID: 10298 Comm: syz.4.2604 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  177.709786][T10298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  177.709798][T10298] Call Trace:
[  177.709804][T10298]  <TASK>
[  177.709812][T10298]  __dump_stack+0x1d/0x30
[  177.709833][T10298]  dump_stack_lvl+0xe8/0x140
[  177.709851][T10298]  dump_stack+0x15/0x1b
[  177.709928][T10298]  should_fail_ex+0x265/0x280
[  177.709951][T10298]  should_fail+0xb/0x20
[  177.709970][T10298]  should_fail_usercopy+0x1a/0x20
[  177.709992][T10298]  _copy_to_user+0x20/0xa0
[  177.710020][T10298]  simple_read_from_buffer+0xb5/0x130
[  177.710053][T10298]  proc_fail_nth_read+0x10e/0x150
[  177.710151][T10298]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.710215][T10298]  vfs_read+0x1a5/0x770
[  177.710234][T10298]  ? __rcu_read_unlock+0x4f/0x70
[  177.710255][T10298]  ? __fget_files+0x184/0x1c0
[  177.710280][T10298]  ksys_read+0xda/0x1a0
[  177.710302][T10298]  __x64_sys_read+0x40/0x50
[  177.710326][T10298]  x64_sys_call+0x27bc/0x2ff0
[  177.710347][T10298]  do_syscall_64+0xd2/0x200
[  177.710410][T10298]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  177.710433][T10298]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  177.710459][T10298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.710479][T10298] RIP: 0033:0x7f9d7ccdd8dc
[  177.710497][T10298] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  177.710546][T10298] RSP: 002b:00007f9d7b73f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  177.710566][T10298] RAX: ffffffffffffffda RBX: 00007f9d7cf35fa0 RCX: 00007f9d7ccdd8dc
[  177.710578][T10298] RDX: 000000000000000f RSI: 00007f9d7b73f0a0 RDI: 0000000000000005
[  177.710591][T10298] RBP: 00007f9d7b73f090 R08: 0000000000000000 R09: 0000000000000000
[  177.710605][T10298] R10: 000000000000004e R11: 0000000000000246 R12: 0000000000000001
[  177.710697][T10298] R13: 00007f9d7cf36038 R14: 00007f9d7cf35fa0 R15: 00007fffcd8e5678
[  177.710718][T10298]  </TASK>
[  178.008134][   T29] kauditd_printk_skb: 602 callbacks suppressed
[  178.008153][   T29] audit: type=1326 audit(177.969:21753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.030505][T10318] FAULT_INJECTION: forcing a failure.
[  178.030505][T10318] name failslab, interval 1, probability 0, space 0, times 0
[  178.051758][T10318] CPU: 1 UID: 0 PID: 10318 Comm: syz.2.2614 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  178.051786][T10318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  178.051844][T10318] Call Trace:
[  178.051850][T10318]  <TASK>
[  178.051858][T10318]  __dump_stack+0x1d/0x30
[  178.051882][T10318]  dump_stack_lvl+0xe8/0x140
[  178.051903][T10318]  dump_stack+0x15/0x1b
[  178.052005][T10318]  should_fail_ex+0x265/0x280
[  178.052031][T10318]  should_failslab+0x8c/0xb0
[  178.052058][T10318]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  178.052089][T10318]  ? shmem_alloc_inode+0x34/0x50
[  178.052114][T10318]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  178.052160][T10318]  shmem_alloc_inode+0x34/0x50
[  178.052235][T10318]  alloc_inode+0x40/0x170
[  178.052260][T10318]  new_inode+0x1d/0xe0
[  178.052336][T10318]  shmem_get_inode+0x244/0x750
[  178.052361][T10318]  __shmem_file_setup+0x113/0x210
[  178.052463][T10318]  shmem_file_setup+0x3b/0x50
[  178.052482][T10318]  __se_sys_memfd_create+0x2c3/0x590
[  178.052508][T10318]  __x64_sys_memfd_create+0x31/0x40
[  178.052593][T10318]  x64_sys_call+0x2abe/0x2ff0
[  178.052616][T10318]  do_syscall_64+0xd2/0x200
[  178.052721][T10318]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  178.052788][T10318]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  178.052843][T10318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.052866][T10318] RIP: 0033:0x7f9780aaeec9
[  178.052901][T10318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.052921][T10318] RSP: 002b:00007f977f516e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  178.052950][T10318] RAX: ffffffffffffffda RBX: 0000000000000433 RCX: 00007f9780aaeec9
[  178.052964][T10318] RDX: 00007f977f516ef0 RSI: 0000000000000000 RDI: 00007f9780b32960
[  178.053045][T10318] RBP: 0000200000000d80 R08: 00007f977f516bb7 R09: 00007f977f516e40
[  178.053058][T10318] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  178.053072][T10318] R13: 00007f977f516ef0 R14: 00007f977f516eb0 R15: 0000200000000580
[  178.053092][T10318]  </TASK>
[  178.283094][   T29] audit: type=1326 audit(178.009:21754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.308850][   T29] audit: type=1326 audit(178.009:21755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.333078][   T29] audit: type=1326 audit(178.009:21756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.357430][   T29] audit: type=1326 audit(178.009:21757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.380990][   T29] audit: type=1326 audit(178.009:21758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.405257][   T29] audit: type=1326 audit(178.009:21759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.405258][T10329] FAULT_INJECTION: forcing a failure.
[  178.405258][T10329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.405318][T10329] CPU: 0 UID: 0 PID: 10329 Comm: syz.1.2617 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  178.405342][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  178.405423][T10329] Call Trace:
[  178.405429][T10329]  <TASK>
[  178.405437][T10329]  __dump_stack+0x1d/0x30
[  178.405459][T10329]  dump_stack_lvl+0xe8/0x140
[  178.405479][T10329]  dump_stack+0x15/0x1b
[  178.405496][T10329]  should_fail_ex+0x265/0x280
[  178.405529][T10329]  should_fail+0xb/0x20
[  178.405590][T10329]  should_fail_usercopy+0x1a/0x20
[  178.405616][T10329]  _copy_from_user+0x1c/0xb0
[  178.405645][T10329]  memdup_user+0x5e/0xd0
[  178.405685][T10329]  proc_pid_attr_write+0x15e/0x220
[  178.405712][T10329]  vfs_writev+0x406/0x8b0
[  178.405809][T10329]  ? __pfx_proc_pid_attr_write+0x10/0x10
[  178.405868][T10329]  ? mutex_lock+0xd/0x30
[  178.405911][T10329]  do_writev+0xe7/0x210
[  178.405940][T10329]  __x64_sys_writev+0x45/0x50
[  178.405964][T10329]  x64_sys_call+0x1e9a/0x2ff0
[  178.406023][T10329]  do_syscall_64+0xd2/0x200
[  178.406053][T10329]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  178.406077][T10329]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  178.406142][T10329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.406172][T10329] RIP: 0033:0x7fb1695aeec9
[  178.406188][T10329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.406206][T10329] RSP: 002b:00007fb16800f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  178.406236][T10329] RAX: ffffffffffffffda RBX: 00007fb169805fa0 RCX: 00007fb1695aeec9
[  178.406249][T10329] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  178.406262][T10329] RBP: 00007fb16800f090 R08: 0000000000000000 R09: 0000000000000000
[  178.406275][T10329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.406287][T10329] R13: 00007fb169806038 R14: 00007fb169805fa0 R15: 00007fff364cb9f8
[  178.406354][T10329]  </TASK>
[  178.644981][   T29] audit: type=1326 audit(178.009:21760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.668898][   T29] audit: type=1326 audit(178.009:21761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.693320][   T29] audit: type=1326 audit(178.019:21762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.1.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  178.719033][T10316] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.774295][T10316] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.848183][T10316] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.935273][T10316] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.026512][ T6351] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.042604][ T6351] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.077578][ T6351] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.098678][ T6351] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  179.122469][T10401] FAULT_INJECTION: forcing a failure.
[  179.122469][T10401] name failslab, interval 1, probability 0, space 0, times 0
[  179.135890][T10401] CPU: 0 UID: 0 PID: 10401 Comm: syz.4.2652 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  179.135918][T10401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  179.135964][T10401] Call Trace:
[  179.135972][T10401]  <TASK>
[  179.135981][T10401]  __dump_stack+0x1d/0x30
[  179.136004][T10401]  dump_stack_lvl+0xe8/0x140
[  179.136025][T10401]  dump_stack+0x15/0x1b
[  179.136044][T10401]  should_fail_ex+0x265/0x280
[  179.136072][T10401]  should_failslab+0x8c/0xb0
[  179.136160][T10401]  kmem_cache_alloc_node_noprof+0x57/0x320
[  179.136196][T10401]  ? __alloc_skb+0x101/0x320
[  179.136220][T10401]  __alloc_skb+0x101/0x320
[  179.136241][T10401]  netlink_alloc_large_skb+0xba/0xf0
[  179.136347][T10401]  netlink_sendmsg+0x3cf/0x6b0
[  179.136371][T10401]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.136395][T10401]  __sock_sendmsg+0x145/0x180
[  179.136433][T10401]  ____sys_sendmsg+0x31e/0x4e0
[  179.136581][T10401]  ___sys_sendmsg+0x17b/0x1d0
[  179.136696][T10401]  __x64_sys_sendmsg+0xd4/0x160
[  179.136785][T10401]  x64_sys_call+0x191e/0x2ff0
[  179.136844][T10401]  do_syscall_64+0xd2/0x200
[  179.136965][T10401]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  179.136987][T10401]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  179.137014][T10401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.137037][T10401] RIP: 0033:0x7f9d7ccdeec9
[  179.137054][T10401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.137104][T10401] RSP: 002b:00007f9d7b73f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.137123][T10401] RAX: ffffffffffffffda RBX: 00007f9d7cf35fa0 RCX: 00007f9d7ccdeec9
[  179.137136][T10401] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  179.137150][T10401] RBP: 00007f9d7b73f090 R08: 0000000000000000 R09: 0000000000000000
[  179.137164][T10401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.137255][T10401] R13: 00007f9d7cf36038 R14: 00007f9d7cf35fa0 R15: 00007fffcd8e5678
[  179.137273][T10401]  </TASK>
[  179.219465][T10415] tipc: Enabled bearer <udp:s>, priority 10
[  179.536709][T10429] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.604801][T10436] tmpfs: Bad value for 'mpol'
[  179.629735][T10436] loop2: detected capacity change from 0 to 1024
[  179.639491][T10436] EXT4-fs: Ignoring removed orlov option
[  179.654472][T10436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  179.671854][T10448] netlink: 'syz.4.2670': attribute type 1 has an invalid length.
[  179.710386][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  179.741932][T10450] vlan2: entered allmulticast mode
[  179.790285][T10457] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  179.945934][T10476] tmpfs: Bad value for 'mpol'
[  179.956279][T10476] loop4: detected capacity change from 0 to 1024
[  179.964324][T10476] EXT4-fs: Ignoring removed orlov option
[  179.972466][T10476] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  179.999260][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  180.299170][T10429] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.372130][T10429] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.434574][T10429] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.489376][ T6351] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.522452][ T6351] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.556450][ T6351] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.566352][T10513] __nla_validate_parse: 49 callbacks suppressed
[  180.566461][T10513] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2699'.
[  180.578156][ T6351] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.591624][T10513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2699'.
[  180.601416][T10513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2699'.
[  181.006472][T10544] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.083670][T10544] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.163477][T10544] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.201830][T10555] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2716'.
[  181.281440][T10555] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2716'.
[  181.291252][T10555] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2716'.
[  181.307066][T10544] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.379643][ T6350] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  181.399161][ T6350] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  181.419763][ T6350] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  181.448886][ T6350] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  181.586395][T10578] loop3: detected capacity change from 0 to 1024
[  181.611195][T10578] EXT4-fs: Ignoring removed orlov option
[  181.642644][T10578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  181.663496][T10584] tmpfs: Bad value for 'mpol'
[  181.684737][T10584] loop2: detected capacity change from 0 to 1024
[  181.698985][T10584] EXT4-fs: Ignoring removed orlov option
[  181.713516][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2731'.
[  181.724875][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  181.743384][T10584] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  181.760078][T10594] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.794404][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  181.832730][T10594] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.902861][T10594] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.959169][T10594] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.977387][T10619] netlink: 'syz.4.2743': attribute type 4 has an invalid length.
[  181.992665][T10629] FAULT_INJECTION: forcing a failure.
[  181.992665][T10629] name failslab, interval 1, probability 0, space 0, times 0
[  182.006020][T10629] CPU: 1 UID: 0 PID: 10629 Comm: syz.2.2747 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  182.006054][T10629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  182.006067][T10629] Call Trace:
[  182.006074][T10629]  <TASK>
[  182.006081][T10629]  __dump_stack+0x1d/0x30
[  182.006130][T10629]  dump_stack_lvl+0xe8/0x140
[  182.006152][T10629]  dump_stack+0x15/0x1b
[  182.006170][T10629]  should_fail_ex+0x265/0x280
[  182.006219][T10629]  should_failslab+0x8c/0xb0
[  182.006298][T10629]  kmem_cache_alloc_node_noprof+0x57/0x320
[  182.006330][T10629]  ? __alloc_skb+0x101/0x320
[  182.006354][T10629]  __alloc_skb+0x101/0x320
[  182.006444][T10629]  netlink_alloc_large_skb+0xba/0xf0
[  182.006534][T10629]  netlink_sendmsg+0x3cf/0x6b0
[  182.006563][T10629]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.006590][T10629]  __sock_sendmsg+0x145/0x180
[  182.006650][T10629]  ____sys_sendmsg+0x31e/0x4e0
[  182.006815][T10629]  ___sys_sendmsg+0x17b/0x1d0
[  182.006863][T10629]  __x64_sys_sendmsg+0xd4/0x160
[  182.006894][T10629]  x64_sys_call+0x191e/0x2ff0
[  182.006966][T10629]  do_syscall_64+0xd2/0x200
[  182.006997][T10629]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  182.007023][T10629]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  182.007056][T10629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.007131][T10629] RIP: 0033:0x7f9780aaeec9
[  182.007147][T10629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.007168][T10629] RSP: 002b:00007f977f517038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.007258][T10629] RAX: ffffffffffffffda RBX: 00007f9780d05fa0 RCX: 00007f9780aaeec9
[  182.007290][T10629] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006
[  182.007303][T10629] RBP: 00007f977f517090 R08: 0000000000000000 R09: 0000000000000000
[  182.007315][T10629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.007327][T10629] R13: 00007f9780d06038 R14: 00007f9780d05fa0 R15: 00007ffe62f6b168
[  182.007439][T10629]  </TASK>
[  182.231720][T10634] loop2: detected capacity change from 0 to 1024
[  182.265185][T10634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.287943][T10634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2749'.
[  182.299312][T10634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2749'.
[  182.394233][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.447441][T10660] ieee802154 phy0 wpan0: encryption failed: -22
[  182.656643][T10666] loop4: detected capacity change from 0 to 2048
[  182.792986][T10666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.820900][T10666] FAULT_INJECTION: forcing a failure.
[  182.820900][T10666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.834382][T10666] CPU: 1 UID: 0 PID: 10666 Comm: syz.4.2761 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  182.834450][T10666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  182.834465][T10666] Call Trace:
[  182.834472][T10666]  <TASK>
[  182.834481][T10666]  __dump_stack+0x1d/0x30
[  182.834506][T10666]  dump_stack_lvl+0xe8/0x140
[  182.834569][T10666]  dump_stack+0x15/0x1b
[  182.834585][T10666]  should_fail_ex+0x265/0x280
[  182.834615][T10666]  should_fail+0xb/0x20
[  182.834640][T10666]  should_fail_usercopy+0x1a/0x20
[  182.834669][T10666]  _copy_to_user+0x20/0xa0
[  182.834697][T10666]  rng_dev_read+0x3ef/0x740
[  182.834748][T10666]  ? __pfx_rng_dev_read+0x10/0x10
[  182.834768][T10666]  vfs_readv+0x3f8/0x690
[  182.834807][T10666]  __x64_sys_preadv+0xfd/0x1c0
[  182.834832][T10666]  x64_sys_call+0x282a/0x2ff0
[  182.834901][T10666]  do_syscall_64+0xd2/0x200
[  182.834938][T10666]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  182.835032][T10666]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  182.835077][T10666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.835103][T10666] RIP: 0033:0x7f9d7ccdeec9
[  182.835121][T10666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.835166][T10666] RSP: 002b:00007f9d7b73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  182.835267][T10666] RAX: ffffffffffffffda RBX: 00007f9d7cf35fa0 RCX: 00007f9d7ccdeec9
[  182.835283][T10666] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000005
[  182.835297][T10666] RBP: 00007f9d7b73f090 R08: 0000000000000000 R09: 0000000000000000
[  182.835379][T10666] R10: 0000000002000000 R11: 0000000000000246 R12: 0000000000000001
[  182.835391][T10666] R13: 00007f9d7cf36038 R14: 00007f9d7cf35fa0 R15: 00007fffcd8e5678
[  182.835412][T10666]  </TASK>
[  183.051194][   T29] kauditd_printk_skb: 887 callbacks suppressed
[  183.051276][   T29] audit: type=1400 audit(183.009:22650): avc:  denied  { map } for  pid=10665 comm="syz.4.2761" path="/559/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  183.094425][   T29] audit: type=1400 audit(183.009:22651): avc:  denied  { execute } for  pid=10665 comm="syz.4.2761" path="/559/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  183.163137][T10692] FAULT_INJECTION: forcing a failure.
[  183.163137][T10692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.176509][T10692] CPU: 1 UID: 0 PID: 10692 Comm: syz.2.2770 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  183.176538][T10692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  183.176553][T10692] Call Trace:
[  183.176560][T10692]  <TASK>
[  183.176569][T10692]  __dump_stack+0x1d/0x30
[  183.176628][T10692]  dump_stack_lvl+0xe8/0x140
[  183.176646][T10692]  dump_stack+0x15/0x1b
[  183.176661][T10692]  should_fail_ex+0x265/0x280
[  183.176758][T10692]  should_fail+0xb/0x20
[  183.176783][T10692]  should_fail_usercopy+0x1a/0x20
[  183.176859][T10692]  _copy_from_user+0x1c/0xb0
[  183.176890][T10692]  ___sys_sendmsg+0xc1/0x1d0
[  183.176967][T10692]  __x64_sys_sendmsg+0xd4/0x160
[  183.176994][T10692]  x64_sys_call+0x191e/0x2ff0
[  183.177013][T10692]  do_syscall_64+0xd2/0x200
[  183.177114][T10692]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  183.177149][T10692]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  183.177185][T10692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.177248][T10692] RIP: 0033:0x7f9780aaeec9
[  183.177309][T10692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.177381][T10692] RSP: 002b:00007f977f517038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.177401][T10692] RAX: ffffffffffffffda RBX: 00007f9780d05fa0 RCX: 00007f9780aaeec9
[  183.177417][T10692] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000003
[  183.177431][T10692] RBP: 00007f977f517090 R08: 0000000000000000 R09: 0000000000000000
[  183.177443][T10692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.177465][T10692] R13: 00007f9780d06038 R14: 00007f9780d05fa0 R15: 00007ffe62f6b168
[  183.177487][T10692]  </TASK>
[  183.385762][T10665] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  183.406540][T10665] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  183.419211][T10665] EXT4-fs (loop4): This should not happen!! Data will be lost
[  183.419211][T10665] 
[  183.429543][T10665] EXT4-fs (loop4): Total free blocks count 0
[  183.436277][T10665] EXT4-fs (loop4): Free/Dirty block details
[  183.442573][T10665] EXT4-fs (loop4): free_blocks=2415919504
[  183.448527][T10665] EXT4-fs (loop4): dirty_blocks=64
[  183.454055][T10665] EXT4-fs (loop4): Block reservation details
[  183.460513][T10665] EXT4-fs (loop4): i_reserved_data_blocks=4
[  183.466761][   T29] audit: type=1326 audit(183.369:22652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  183.489662][   T29] audit: type=1326 audit(183.369:22653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  183.512916][   T29] audit: type=1326 audit(183.369:22654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  183.535860][   T29] audit: type=1326 audit(183.369:22655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  183.562859][   T29] audit: type=1326 audit(183.369:22656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9780aaeec9 code=0x7ffc0000
[  183.586270][   T29] audit: type=1326 audit(183.369:22657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9780ab0de7 code=0x7ffc0000
[  183.609537][   T29] audit: type=1326 audit(183.369:22658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f9780ab0d5c code=0x7ffc0000
[  183.632225][   T29] audit: type=1326 audit(183.369:22659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10693 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f9780ab0c94 code=0x7ffc0000
[  183.702251][T10694] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.758651][ T6350] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  183.783468][T10694] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.823523][T10700] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2774'.
[  183.835685][T10700] loop4: detected capacity change from 0 to 128
[  183.842302][T10700] EXT4-fs: Ignoring removed nobh option
[  183.850531][T10700] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  183.864091][T10694] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.894572][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  183.922826][T10694] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.982205][ T6351] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.001528][ T6350] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.014413][ T6350] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.032409][ T6350] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.337881][T10732] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  184.344560][T10732] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  184.352166][T10732] vhci_hcd vhci_hcd.0: Device attached
[  184.362867][T10732] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  184.374375][T10732] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(11)
[  184.381190][T10732] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  184.388895][T10732] vhci_hcd vhci_hcd.0: Device attached
[  184.561033][ T3392] vhci_hcd: vhci_device speed not set
[  184.573286][T10749] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.621052][ T3392] usb 9-1: new low-speed USB device number 3 using vhci_hcd
[  184.717992][ T6350] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  184.742350][ T6350] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  184.756067][T10749] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.769640][ T6350] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  184.779628][ T6350] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  184.834454][T10749] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.880428][T10766] FAULT_INJECTION: forcing a failure.
[  184.880428][T10766] name failslab, interval 1, probability 0, space 0, times 0
[  184.893578][T10766] CPU: 1 UID: 0 PID: 10766 Comm: syz.0.2799 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  184.893599][T10766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  184.893674][T10766] Call Trace:
[  184.893679][T10766]  <TASK>
[  184.893685][T10766]  __dump_stack+0x1d/0x30
[  184.893700][T10766]  dump_stack_lvl+0xe8/0x140
[  184.893713][T10766]  dump_stack+0x15/0x1b
[  184.893724][T10766]  should_fail_ex+0x265/0x280
[  184.893781][T10766]  ? assoc_array_insert+0x2e0/0x1990
[  184.893847][T10766]  should_failslab+0x8c/0xb0
[  184.893864][T10766]  __kmalloc_cache_noprof+0x4c/0x320
[  184.893884][T10766]  assoc_array_insert+0x2e0/0x1990
[  184.894031][T10766]  ? keyring_compare_object+0xda/0x100
[  184.894046][T10766]  ? assoc_array_delete+0x6e2/0x950
[  184.894132][T10766]  __key_link_begin+0x8a/0x140
[  184.894146][T10766]  key_move+0x160/0x550
[  184.894159][T10766]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  184.894178][T10766]  ? __pfx_keyring_search_iterator+0x10/0x10
[  184.894200][T10766]  keyctl_keyring_move+0xd6/0x110
[  184.894261][T10766]  __se_sys_keyctl+0x5f7/0xb80
[  184.894277][T10766]  ? __rcu_read_unlock+0x4f/0x70
[  184.894368][T10766]  ? __fget_files+0x184/0x1c0
[  184.894385][T10766]  ? fput+0x8f/0xc0
[  184.894419][T10766]  __x64_sys_keyctl+0x67/0x80
[  184.894436][T10766]  x64_sys_call+0x2f6d/0x2ff0
[  184.894455][T10766]  do_syscall_64+0xd2/0x200
[  184.894475][T10766]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  184.894501][T10766]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  184.894520][T10766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.894534][T10766] RIP: 0033:0x7ff36fd4eec9
[  184.894579][T10766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.894592][T10766] RSP: 002b:00007ff36e7af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  184.894620][T10766] RAX: ffffffffffffffda RBX: 00007ff36ffa5fa0 RCX: 00007ff36fd4eec9
[  184.894635][T10766] RDX: ffffffffffffffff RSI: 00000000143ad7c3 RDI: 000000000000001e
[  184.894650][T10766] RBP: 00007ff36e7af090 R08: 0000000000000000 R09: 0000000000000000
[  184.894662][T10766] R10: 0000000007ca89be R11: 0000000000000246 R12: 0000000000000001
[  184.894671][T10766] R13: 00007ff36ffa6038 R14: 00007ff36ffa5fa0 R15: 00007ffe04dafcc8
[  184.894683][T10766]  </TASK>
[  185.143691][T10734] vhci_hcd: connection reset by peer
[  185.149348][ T6351] vhci_hcd: stop threads
[  185.149423][T10738] vhci_hcd: connection closed
[  185.153917][ T6351] vhci_hcd: release socket
[  185.163451][ T6351] vhci_hcd: disconnect device
[  185.172008][T10749] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.182169][ T6351] vhci_hcd: stop threads
[  185.186677][ T6351] vhci_hcd: release socket
[  185.191827][ T6351] vhci_hcd: disconnect device
[  185.218519][ T3443] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.227030][ T3443] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.254906][ T3443] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.274434][ T3443] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.393803][T10790] FAULT_INJECTION: forcing a failure.
[  185.393803][T10790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.407802][T10790] CPU: 1 UID: 0 PID: 10790 Comm: syz.3.2806 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  185.407836][T10790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  185.407903][T10790] Call Trace:
[  185.407913][T10790]  <TASK>
[  185.407922][T10790]  __dump_stack+0x1d/0x30
[  185.407948][T10790]  dump_stack_lvl+0xe8/0x140
[  185.407970][T10790]  dump_stack+0x15/0x1b
[  185.407986][T10790]  should_fail_ex+0x265/0x280
[  185.408025][T10790]  should_fail+0xb/0x20
[  185.408047][T10790]  should_fail_usercopy+0x1a/0x20
[  185.408123][T10790]  strncpy_from_user+0x25/0x230
[  185.408151][T10790]  ? kmem_cache_alloc_noprof+0x186/0x310
[  185.408179][T10790]  ? getname_flags+0x80/0x3b0
[  185.408221][T10790]  getname_flags+0xae/0x3b0
[  185.408329][T10790]  user_path_at+0x28/0x130
[  185.408359][T10790]  do_sys_truncate+0x5c/0x130
[  185.408465][T10790]  __x64_sys_truncate+0x31/0x40
[  185.408491][T10790]  x64_sys_call+0x1a2f/0x2ff0
[  185.408570][T10790]  do_syscall_64+0xd2/0x200
[  185.408608][T10790]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  185.408632][T10790]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  185.408664][T10790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.408758][T10790] RIP: 0033:0x7f287380eec9
[  185.408773][T10790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.408798][T10790] RSP: 002b:00007f287224e038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  185.408816][T10790] RAX: ffffffffffffffda RBX: 00007f2873a66090 RCX: 00007f287380eec9
[  185.408832][T10790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  185.408897][T10790] RBP: 00007f287224e090 R08: 0000000000000000 R09: 0000000000000000
[  185.408912][T10790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.408926][T10790] R13: 00007f2873a66128 R14: 00007f2873a66090 R15: 00007ffcc0728fe8
[  185.408946][T10790]  </TASK>
[  185.466451][T10773] chnl_net:caif_netlink_parms(): no params data found
[  185.647538][T10773] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.654716][T10773] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.662431][T10773] bridge_slave_0: entered allmulticast mode
[  185.669120][T10773] bridge_slave_0: entered promiscuous mode
[  185.676480][T10773] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.683937][T10773] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.691953][T10773] bridge_slave_1: entered allmulticast mode
[  185.698475][T10773] bridge_slave_1: entered promiscuous mode
[  185.723515][T10773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.743108][T10773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.756731][T10798] loop4: detected capacity change from 0 to 1024
[  185.773945][T10773] team0: Port device team_slave_0 added
[  185.780436][T10798] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.781421][T10773] team0: Port device team_slave_1 added
[  185.801671][T10798] __nla_validate_parse: 4 callbacks suppressed
[  185.801685][T10798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2807'.
[  185.823947][T10773] batman_adv: batadv0: Adding interface: batadv_slave_0
[  185.824113][T10798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2807'.
[  185.831354][T10773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.831386][T10773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  185.834231][T10773] batman_adv: batadv0: Adding interface: batadv_slave_1
[  185.885478][T10773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  185.911940][T10773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  185.942323][T10773] hsr_slave_0: entered promiscuous mode
[  185.948825][T10773] hsr_slave_1: entered promiscuous mode
[  185.955056][T10773] debugfs: 'hsr0' already exists in 'hsr'
[  185.960808][T10773] Cannot create hsr debugfs directory
[  185.981977][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.040355][T10773] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.082788][T10773] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.145485][T10814] loop2: detected capacity change from 0 to 512
[  186.152790][T10814] journal_path: Non-blockdev passed as './bus'
[  186.159313][T10814] EXT4-fs: error: could not find journal device path
[  186.167436][T10816] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.182964][T10773] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.228209][T10822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2816'.
[  186.237643][T10822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2816'.
[  186.254565][T10773] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.268001][T10816] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.352536][T10816] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.402766][T10816] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.417373][T10830] loop2: detected capacity change from 0 to 512
[  186.425097][T10830] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  186.478445][  T175] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.490545][  T175] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.502351][  T175] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.517403][ T6351] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.539013][T10773] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  186.548733][T10773] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  186.558369][T10773] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  186.568191][T10773] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  186.622896][T10773] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.645577][T10852] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2827'.
[  186.648281][T10773] 8021q: adding VLAN 0 to HW filter on device team0
[  186.665443][  T175] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.673170][  T175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.682739][T10852] loop2: detected capacity change from 0 to 128
[  186.688585][  T175] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.689348][T10852] EXT4-fs: Ignoring removed nobh option
[  186.696591][  T175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.714743][T10852] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  186.733261][ T6351] bridge_slave_1: left allmulticast mode
[  186.739285][ T6351] bridge_slave_1: left promiscuous mode
[  186.745120][ T6351] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.754476][ T6351] bridge_slave_0: left allmulticast mode
[  186.760774][ T6351] bridge_slave_0: left promiscuous mode
[  186.766871][ T6351] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.791924][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  186.812474][T10861] loop2: detected capacity change from 0 to 512
[  186.831812][T10861] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  186.844988][T10863] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2832'.
[  186.896338][T10866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2832'.
[  186.905563][T10866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2832'.
[  186.918519][ T6351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  186.928915][ T6351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  186.936908][T10868] loop2: detected capacity change from 0 to 1024
[  186.945967][ T6351] bond0 (unregistering): Released all slaves
[  186.953087][T10868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.955392][ T6351] bond1 (unregistering): Released all slaves
[  186.971217][T10868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2834'.
[  186.975279][ T6351] bond2 (unregistering): Released all slaves
[  186.990149][ T6351] bond3 (unregistering): Released all slaves
[  186.999101][ T6351] bond4 (unregistering): Released all slaves
[  187.008441][ T6351] bond5 (unregistering): Released all slaves
[  187.017319][ T6351] bond6 (unregistering): Released all slaves
[  187.026622][ T6351] bond7 (unregistering): Released all slaves
[  187.041745][T10773] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  187.053854][T10773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  187.099333][  T175] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.109495][  T175] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.123167][ T6351] tipc: Disabling bearer <udp:£>
[  187.128427][ T6351] tipc: Left network mode
[  187.201390][  T175] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.210368][  T175] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.273635][T10773] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.352928][ T6351] hsr_slave_0: left promiscuous mode
[  187.359168][ T6351] hsr_slave_1: left promiscuous mode
[  187.366503][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.374502][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.384425][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.392101][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.427622][T10890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2839'.
[  187.441878][ T6351] team0: left promiscuous mode
[  187.447659][ T6351] team_slave_0: left promiscuous mode
[  187.454063][ T6351] team_slave_1: left promiscuous mode
[  187.462851][ T6351] veth1_macvtap: left promiscuous mode
[  187.468564][ T6351] veth0_macvtap: left promiscuous mode
[  187.475455][ T6351] veth1_vlan: left promiscuous mode
[  187.482211][ T6351] veth0_vlan: left promiscuous mode
[  187.587713][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.598324][ T6351] team0 (unregistering): Port device team_slave_1 removed
[  187.609960][ T6351] team0 (unregistering): Port device team_slave_0 removed
[  187.618388][   T12] smc: removing ib device syz!
[  187.703735][T10773] veth0_vlan: entered promiscuous mode
[  187.735778][T10773] veth1_vlan: entered promiscuous mode
[  187.811059][T10773] veth0_macvtap: entered promiscuous mode
[  187.855937][T10908] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  187.865861][T10773] veth1_macvtap: entered promiscuous mode
[  187.895729][T10773] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.927076][T10773] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.957499][  T175] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.001636][  T175] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.010673][  T175] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.023980][  T175] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.089616][   T29] kauditd_printk_skb: 915 callbacks suppressed
[  188.089633][   T29] audit: type=1400 audit(188.049:23575): avc:  denied  { unlink } for  pid=3309 comm="syz-executor" name="file0" dev="tmpfs" ino=3085 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  188.130603][   T29] audit: type=1400 audit(188.089:23576): avc:  denied  { mounton } for  pid=10916 comm="syz.0.2850" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  188.155396][T10921] loop2: detected capacity change from 0 to 128
[  188.162422][T10921] EXT4-fs: Ignoring removed nobh option
[  188.174860][T10921] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  188.203359][   T29] audit: type=1400 audit(188.159:23577): avc:  denied  { unmount } for  pid=10773 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  188.227470][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  188.285496][   T29] audit: type=1326 audit(188.249:23578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10937 comm="syz.1.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  188.309747][   T29] audit: type=1326 audit(188.249:23579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10937 comm="syz.1.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  188.341075][   T29] audit: type=1326 audit(188.299:23580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10937 comm="syz.1.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  188.366000][   T29] audit: type=1326 audit(188.299:23581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10937 comm="syz.1.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  188.390613][   T29] audit: type=1326 audit(188.299:23582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10937 comm="syz.1.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  188.419149][T10949] 9pnet_fd: Insufficient options for proto=fd
[  188.453556][T10952] lo speed is unknown, defaulting to 1000
[  188.474615][T10952] lo speed is unknown, defaulting to 1000
[  188.480887][T10952] lo speed is unknown, defaulting to 1000
[  188.487447][T10952] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  188.500445][T10952] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  188.514319][T10952] lo speed is unknown, defaulting to 1000
[  188.521349][T10952] lo speed is unknown, defaulting to 1000
[  188.521801][T10952] lo speed is unknown, defaulting to 1000
[  188.528561][T10952] lo speed is unknown, defaulting to 1000
[  188.533082][T10952] lo speed is unknown, defaulting to 1000
[  188.603773][   T29] audit: type=1400 audit(188.569:23583): avc:  denied  { write } for  pid=10968 comm="syz.2.2872" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  188.643671][   T29] audit: type=1326 audit(188.609:23584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10975 comm="syz.4.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d7ccdeec9 code=0x7ffc0000
[  188.736347][T10988] loop2: detected capacity change from 0 to 2048
[  188.826275][T11009] FAULT_INJECTION: forcing a failure.
[  188.826275][T11009] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  188.840077][T11009] CPU: 1 UID: 0 PID: 11009 Comm: syz.1.2887 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  188.840108][T11009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  188.840123][T11009] Call Trace:
[  188.840131][T11009]  <TASK>
[  188.840140][T11009]  __dump_stack+0x1d/0x30
[  188.840165][T11009]  dump_stack_lvl+0xe8/0x140
[  188.840238][T11009]  dump_stack+0x15/0x1b
[  188.840337][T11009]  should_fail_ex+0x265/0x280
[  188.840362][T11009]  should_fail_alloc_page+0xf2/0x100
[  188.840454][T11009]  __alloc_frozen_pages_noprof+0xff/0x360
[  188.840494][T11009]  alloc_pages_mpol+0xb3/0x250
[  188.840533][T11009]  alloc_pages_noprof+0x90/0x130
[  188.840597][T11009]  __pmd_alloc+0x47/0x470
[  188.840621][T11009]  handle_mm_fault+0x19d4/0x2c20
[  188.840642][T11009]  ? __rcu_read_unlock+0x4f/0x70
[  188.840716][T11009]  do_user_addr_fault+0x3fe/0x1090
[  188.840762][T11009]  ? avc_has_perm_noaudit+0x1b1/0x200
[  188.840793][T11009]  exc_page_fault+0x62/0xa0
[  188.840823][T11009]  asm_exc_page_fault+0x26/0x30
[  188.840884][T11009] RIP: 0010:rep_movs_alternative+0x30/0x90
[  188.840911][T11009] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd f6 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  188.840931][T11009] RSP: 0018:ffffc90002a17dc8 EFLAGS: 00050246
[  188.840953][T11009] RAX: ffff88811a430aa0 RBX: 0000000000000008 RCX: 0000000000000008
[  188.841036][T11009] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc90002a17e08
[  188.841051][T11009] RBP: 0000000000004b52 R08: 0000000000000d9a R09: 0000000000000000
[  188.841064][T11009] R10: 0001c90002a17e08 R11: 0001c90002a17e0f R12: 0000000000004b52
[  188.841078][T11009] R13: ffff88814135f800 R14: ffffc90002a17e08 R15: 0000200000000000
[  188.841099][T11009]  _copy_from_user+0x6f/0xb0
[  188.841134][T11009]  vt_ioctl+0x10bd/0x1880
[  188.841183][T11009]  ? tty_jobctrl_ioctl+0x29e/0x810
[  188.841215][T11009]  tty_ioctl+0x7de/0xb80
[  188.841236][T11009]  ? __pfx_tty_ioctl+0x10/0x10
[  188.841256][T11009]  __se_sys_ioctl+0xce/0x140
[  188.841276][T11009]  __x64_sys_ioctl+0x43/0x50
[  188.841343][T11009]  x64_sys_call+0x1816/0x2ff0
[  188.841367][T11009]  do_syscall_64+0xd2/0x200
[  188.841476][T11009]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  188.841499][T11009]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  188.841525][T11009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.841558][T11009] RIP: 0033:0x7fb1695aeec9
[  188.841575][T11009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.841595][T11009] RSP: 002b:00007fb16800f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  188.841615][T11009] RAX: ffffffffffffffda RBX: 00007fb169805fa0 RCX: 00007fb1695aeec9
[  188.841628][T11009] RDX: 0000200000000000 RSI: 0000000000004b52 RDI: 0000000000000003
[  188.841668][T11009] RBP: 00007fb16800f090 R08: 0000000000000000 R09: 0000000000000000
[  188.841682][T11009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.841695][T11009] R13: 00007fb169806038 R14: 00007fb169805fa0 R15: 00007fff364cb9f8
[  188.841712][T11009]  </TASK>
[  189.204754][T11010] loop2: detected capacity change from 0 to 128
[  189.222377][T11010] EXT4-fs: Ignoring removed nobh option
[  189.257796][T11025] loop4: detected capacity change from 0 to 512
[  189.281942][T11025] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  189.313113][T11033] FAULT_INJECTION: forcing a failure.
[  189.313113][T11033] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.326867][T11033] CPU: 1 UID: 0 PID: 11033 Comm: syz.4.2897 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  189.326974][T11033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  189.326996][T11033] Call Trace:
[  189.327004][T11033]  <TASK>
[  189.327069][T11033]  __dump_stack+0x1d/0x30
[  189.327094][T11033]  dump_stack_lvl+0xe8/0x140
[  189.327112][T11033]  dump_stack+0x15/0x1b
[  189.327127][T11033]  should_fail_ex+0x265/0x280
[  189.327149][T11033]  should_fail+0xb/0x20
[  189.327191][T11033]  should_fail_usercopy+0x1a/0x20
[  189.327221][T11033]  _copy_from_iter+0xd2/0xe80
[  189.327253][T11033]  ? alloc_pages_mpol+0x201/0x250
[  189.327322][T11033]  copy_page_from_iter+0x178/0x2a0
[  189.327357][T11033]  tun_get_user+0x679/0x2680
[  189.327384][T11033]  ? ref_tracker_alloc+0x1f2/0x2f0
[  189.327428][T11033]  tun_chr_write_iter+0x15e/0x210
[  189.327450][T11033]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  189.327472][T11033]  vfs_write+0x527/0x960
[  189.327563][T11033]  ksys_write+0xda/0x1a0
[  189.327708][T11033]  __x64_sys_write+0x40/0x50
[  189.327733][T11033]  x64_sys_call+0x27fe/0x2ff0
[  189.327757][T11033]  do_syscall_64+0xd2/0x200
[  189.327789][T11033]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  189.327826][T11033]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  189.327924][T11033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.327947][T11033] RIP: 0033:0x7f9d7ccdd97f
[  189.327993][T11033] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  189.328069][T11033] RSP: 002b:00007f9d7b73f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  189.328090][T11033] RAX: ffffffffffffffda RBX: 00007f9d7cf35fa0 RCX: 00007f9d7ccdd97f
[  189.328103][T11033] RDX: 000000000000004a RSI: 0000200000000000 RDI: 00000000000000c8
[  189.328115][T11033] RBP: 00007f9d7b73f090 R08: 0000000000000000 R09: 0000000000000000
[  189.328159][T11033] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  189.328172][T11033] R13: 00007f9d7cf36038 R14: 00007f9d7cf35fa0 R15: 00007fffcd8e5678
[  189.328255][T11033]  </TASK>
[  189.594682][T11041] loop2: detected capacity change from 0 to 512
[  189.618292][T11041] journal_path: Non-blockdev passed as './bus'
[  189.625066][T11041] EXT4-fs: error: could not find journal device path
[  189.677610][T11050] loop4: detected capacity change from 0 to 2048
[  189.685277][T11048] loop2: detected capacity change from 0 to 512
[  189.692266][ T3392] usb 9-1: enqueue for inactive port 0
[  189.697953][ T3392] usb 9-1: enqueue for inactive port 0
[  189.704312][T11048] journal_path: Non-blockdev passed as './bus'
[  189.710795][T11048] EXT4-fs: error: could not find journal device path
[  189.756203][T11054] loop2: detected capacity change from 0 to 512
[  189.764081][T11054] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  189.781008][ T3392] vhci_hcd: vhci_device speed not set
[  189.912929][T11076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=11076 comm=syz.4.2915
[  189.951136][T11078] loop3: detected capacity change from 0 to 512
[  189.980523][T11078] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  189.989931][T11082] FAULT_INJECTION: forcing a failure.
[  189.989931][T11082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.003427][T11082] CPU: 0 UID: 0 PID: 11082 Comm: syz.4.2920 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  190.003461][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  190.003474][T11082] Call Trace:
[  190.003481][T11082]  <TASK>
[  190.003490][T11082]  __dump_stack+0x1d/0x30
[  190.003513][T11082]  dump_stack_lvl+0xe8/0x140
[  190.003550][T11082]  dump_stack+0x15/0x1b
[  190.003569][T11082]  should_fail_ex+0x265/0x280
[  190.003595][T11082]  should_fail+0xb/0x20
[  190.003617][T11082]  should_fail_usercopy+0x1a/0x20
[  190.003721][T11082]  _copy_from_user+0x1c/0xb0
[  190.003939][T11082]  tipc_setsockopt+0x388/0x620
[  190.003963][T11082]  ? __pfx_tipc_setsockopt+0x10/0x10
[  190.004059][T11082]  __sys_setsockopt+0x184/0x200
[  190.004087][T11082]  __x64_sys_setsockopt+0x64/0x80
[  190.004114][T11082]  x64_sys_call+0x20ec/0x2ff0
[  190.004136][T11082]  do_syscall_64+0xd2/0x200
[  190.004168][T11082]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  190.004248][T11082]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  190.004338][T11082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.004367][T11082] RIP: 0033:0x7f9d7ccdeec9
[  190.004386][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.004471][T11082] RSP: 002b:00007f9d7b73f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  190.004494][T11082] RAX: ffffffffffffffda RBX: 00007f9d7cf35fa0 RCX: 00007f9d7ccdeec9
[  190.004508][T11082] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000006
[  190.004522][T11082] RBP: 00007f9d7b73f090 R08: 0000000000000010 R09: 0000000000000000
[  190.004535][T11082] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[  190.004573][T11082] R13: 00007f9d7cf36038 R14: 00007f9d7cf35fa0 R15: 00007fffcd8e5678
[  190.004594][T11082]  </TASK>
[  190.370025][T11097] loop3: detected capacity change from 0 to 128
[  190.499594][T11090] lo speed is unknown, defaulting to 1000
[  190.724308][T11120] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  190.781828][T11122] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11122 comm=syz.2.2930
[  190.792059][T11090] chnl_net:caif_netlink_parms(): no params data found
[  190.826072][T11122] lo speed is unknown, defaulting to 1000
[  190.849624][T11122] lo speed is unknown, defaulting to 1000
[  190.896316][T11122] lo speed is unknown, defaulting to 1000
[  190.896643][T11090] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.909479][T11090] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.916850][T11090] bridge_slave_0: entered allmulticast mode
[  190.923631][T11090] bridge_slave_0: entered promiscuous mode
[  190.930912][T11090] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.938641][T11090] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.944580][T11122] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  190.946093][T11090] bridge_slave_1: entered allmulticast mode
[  190.960296][T11090] bridge_slave_1: entered promiscuous mode
[  190.988848][T11090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.011258][T11122] lo speed is unknown, defaulting to 1000
[  191.015946][T11090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.030798][T11122] lo speed is unknown, defaulting to 1000
[  191.037337][T11122] lo speed is unknown, defaulting to 1000
[  191.062893][T11090] team0: Port device team_slave_0 added
[  191.075002][T11090] team0: Port device team_slave_1 added
[  191.086169][T11122] lo speed is unknown, defaulting to 1000
[  191.086236][T11141] __nla_validate_parse: 8 callbacks suppressed
[  191.086250][T11141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2931'.
[  191.101326][T11122] lo speed is unknown, defaulting to 1000
[  191.110463][T11141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2931'.
[  191.127960][T11122] lo speed is unknown, defaulting to 1000
[  191.148393][T11090] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.155713][T11090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.182258][T11090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.193796][T11090] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.201093][T11090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.229555][T11090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.260419][T11090] hsr_slave_0: entered promiscuous mode
[  191.267089][T11090] hsr_slave_1: entered promiscuous mode
[  191.274323][T11090] debugfs: 'hsr0' already exists in 'hsr'
[  191.280494][T11090] Cannot create hsr debugfs directory
[  191.323508][ T6351] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.374362][ T6351] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.432310][ T6351] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.483062][ T6351] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.572134][ T6351] bridge_slave_1: left allmulticast mode
[  191.578529][ T6351] bridge_slave_1: left promiscuous mode
[  191.584527][ T6351] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.602849][ T6351] bridge_slave_0: left promiscuous mode
[  191.603707][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2940'.
[  191.608868][ T6351] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.720297][T11169] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2947'.
[  191.754798][ T6351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.770400][ T6351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.782940][ T6351] bond0 (unregistering): Released all slaves
[  191.798040][ T6351] bond1 (unregistering): Released all slaves
[  191.807241][ T6351] bond2 (unregistering): Released all slaves
[  191.815476][ T6351] bond3 (unregistering): Released all slaves
[  191.824418][ T6351] bond4 (unregistering): Released all slaves
[  191.833337][ T6351] bond5 (unregistering): Released all slaves
[  191.842819][ T6351] bond6 (unregistering): Released all slaves
[  191.852270][ T6351] bond7 (unregistering): Released all slaves
[  191.861406][ T6351] bond8 (unregistering): Released all slaves
[  191.870791][ T6351] bond9 (unregistering): Released all slaves
[  191.879088][ T6351] bond10 (unregistering): Released all slaves
[  191.931569][ T6351] tipc: Disabling bearer <udp:£>
[  191.936897][ T6351] tipc: Left network mode
[  191.946919][ T6351] hsr_slave_0: left promiscuous mode
[  191.964166][ T6351] hsr_slave_1: left promiscuous mode
[  191.973786][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.981377][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_0
[  191.994674][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.002477][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.023577][ T6351] veth1_macvtap: left promiscuous mode
[  192.029308][ T6351] veth0_macvtap: left promiscuous mode
[  192.040610][ T6351] veth1_vlan: left promiscuous mode
[  192.046447][ T6351] veth0_vlan: left promiscuous mode
[  192.147476][ T6351] team0 (unregistering): Port device team_slave_1 removed
[  192.150454][T11213] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2963'.
[  192.164307][ T6351] team0 (unregistering): Port device team_slave_0 removed
[  192.196003][T11188] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.270465][T11188] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.316285][T11228] loop2: detected capacity change from 0 to 1024
[  192.334168][T11228] EXT4-fs mount: 4 callbacks suppressed
[  192.334186][T11228] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.362801][T11188] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.394405][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.434628][T11188] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.471039][T11246] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2974'.
[  192.490013][T11090] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  192.501255][T11090] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  192.519063][T11246] loop2: detected capacity change from 0 to 128
[  192.522446][T11090] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  192.530359][T11246] EXT4-fs: Ignoring removed nobh option
[  192.540877][T11090] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  192.552791][T11246] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  192.586485][  T175] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.601719][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  192.623468][ T3443] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.634038][T11268] loop2: detected capacity change from 0 to 512
[  192.642032][ T6351] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.667801][T11268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.669283][ T6351] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.700183][T11090] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.723369][T11090] 8021q: adding VLAN 0 to HW filter on device team0
[  192.737788][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.745009][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.754606][ T3443] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.761779][ T3443] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.832575][T11290] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2994'.
[  192.841772][T11290] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2994'.
[  192.855693][T11090] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.042592][T11090] veth0_vlan: entered promiscuous mode
[  193.052002][T11090] veth1_vlan: entered promiscuous mode
[  193.084511][T11090] veth0_macvtap: entered promiscuous mode
[  193.096598][T11090] veth1_macvtap: entered promiscuous mode
[  193.108263][T11090] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.120080][T11090] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.155736][ T3445] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.174144][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.191839][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.204612][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.252049][   T29] kauditd_printk_skb: 441 callbacks suppressed
[  193.252067][   T29] audit: type=1326 audit(193.219:24023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b792deec9 code=0x7ffc0000
[  193.290362][T11326] loop4: detected capacity change from 0 to 1024
[  193.341000][   T29] audit: type=1326 audit(193.249:24024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8b792deec9 code=0x7ffc0000
[  193.365332][   T29] audit: type=1326 audit(193.249:24025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8b792def03 code=0x7ffc0000
[  193.388998][   T29] audit: type=1326 audit(193.249:24026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8b792dd97f code=0x7ffc0000
[  193.411985][   T29] audit: type=1326 audit(193.249:24027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f8b792def57 code=0x7ffc0000
[  193.435671][   T29] audit: type=1326 audit(193.249:24028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8b792dd710 code=0x7ffc0000
[  193.459354][   T29] audit: type=1326 audit(193.249:24029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8b792deacb code=0x7ffc0000
[  193.483085][   T29] audit: type=1326 audit(193.279:24030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8b792ddb2a code=0x7ffc0000
[  193.493712][T11326] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.506669][   T29] audit: type=1326 audit(193.279:24031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8b792ddb2a code=0x7ffc0000
[  193.506700][   T29] audit: type=1326 audit(193.279:24032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.4.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f8b792dd617 code=0x7ffc0000
[  193.593602][T11326] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3002'.
[  193.654858][T11303] syz.1.2998 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  193.669588][T11303] CPU: 0 UID: 0 PID: 11303 Comm: syz.1.2998 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  193.669616][T11303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  193.669637][T11303] Call Trace:
[  193.669645][T11303]  <TASK>
[  193.669654][T11303]  __dump_stack+0x1d/0x30
[  193.669685][T11303]  dump_stack_lvl+0xe8/0x140
[  193.669707][T11303]  dump_stack+0x15/0x1b
[  193.669727][T11303]  dump_header+0x81/0x220
[  193.669757][T11303]  oom_kill_process+0x342/0x400
[  193.669862][T11303]  out_of_memory+0x979/0xb80
[  193.669893][T11303]  try_charge_memcg+0x5e6/0x9e0
[  193.669957][T11303]  obj_cgroup_charge_pages+0xa6/0x150
[  193.669992][T11303]  __memcg_kmem_charge_page+0x9f/0x170
[  193.670075][T11303]  __alloc_frozen_pages_noprof+0x188/0x360
[  193.670108][T11303]  alloc_pages_mpol+0xb3/0x250
[  193.670137][T11303]  alloc_pages_noprof+0x90/0x130
[  193.670233][T11303]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  193.670299][T11303]  __kvmalloc_node_noprof+0x30f/0x4e0
[  193.670398][T11303]  ? ip_set_alloc+0x1f/0x30
[  193.670416][T11303]  ? ip_set_alloc+0x1f/0x30
[  193.670434][T11303]  ? __kmalloc_cache_noprof+0x189/0x320
[  193.670460][T11303]  ip_set_alloc+0x1f/0x30
[  193.670516][T11303]  hash_netiface_create+0x282/0x740
[  193.670538][T11303]  ? __pfx_hash_netiface_create+0x10/0x10
[  193.670558][T11303]  ip_set_create+0x3cc/0x960
[  193.670580][T11303]  ? save_fpregs_to_fpstate+0x100/0x160
[  193.670682][T11303]  nfnetlink_rcv_msg+0x4c6/0x590
[  193.670718][T11303]  netlink_rcv_skb+0x120/0x220
[  193.670820][T11303]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  193.670842][T11303]  nfnetlink_rcv+0x16b/0x1690
[  193.670923][T11303]  ? nlmon_xmit+0x4f/0x60
[  193.670962][T11303]  ? consume_skb+0x49/0x150
[  193.670989][T11303]  ? nlmon_xmit+0x4f/0x60
[  193.671021][T11303]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  193.671106][T11303]  ? __dev_queue_xmit+0x1200/0x2000
[  193.671275][T11303]  ? __dev_queue_xmit+0x182/0x2000
[  193.671299][T11303]  ? ref_tracker_free+0x37d/0x3e0
[  193.671380][T11303]  ? __netlink_deliver_tap+0x4dc/0x500
[  193.671442][T11303]  netlink_unicast+0x5c0/0x690
[  193.671463][T11303]  netlink_sendmsg+0x58b/0x6b0
[  193.671488][T11303]  ? __pfx_netlink_sendmsg+0x10/0x10
[  193.671511][T11303]  __sock_sendmsg+0x145/0x180
[  193.671590][T11303]  ____sys_sendmsg+0x31e/0x4e0
[  193.671697][T11303]  ___sys_sendmsg+0x17b/0x1d0
[  193.671731][T11303]  __x64_sys_sendmsg+0xd4/0x160
[  193.671757][T11303]  x64_sys_call+0x191e/0x2ff0
[  193.671791][T11303]  do_syscall_64+0xd2/0x200
[  193.671820][T11303]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  193.671843][T11303]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  193.671897][T11303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.671976][T11303] RIP: 0033:0x7fb1695aeec9
[  193.671992][T11303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.672009][T11303] RSP: 002b:00007fb16800f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.672029][T11303] RAX: ffffffffffffffda RBX: 00007fb169805fa0 RCX: 00007fb1695aeec9
[  193.672113][T11303] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  193.672125][T11303] RBP: 00007fb169631f91 R08: 0000000000000000 R09: 0000000000000000
[  193.672136][T11303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  193.672147][T11303] R13: 00007fb169806038 R14: 00007fb169805fa0 R15: 00007fff364cb9f8
[  193.672164][T11303]  </TASK>
[  194.012210][T11303] memory: usage 307036kB, limit 307200kB, failcnt 11929
[  194.019401][T11303] memory+swap: usage 323556kB, limit 9007199254740988kB, failcnt 0
[  194.028513][T11303] kmem: usage 306972kB, limit 9007199254740988kB, failcnt 0
[  194.036133][T11303] Memory cgroup stats for /syz1:
[  194.062065][T11303] cache 4096
[  194.070697][T11303] rss 36864
[  194.073886][T11303] shmem 0
[  194.076831][T11303] mapped_file 4096
[  194.080812][T11303] dirty 0
[  194.083887][T11303] writeback 0
[  194.087273][T11303] workingset_refault_anon 678
[  194.092146][T11303] workingset_refault_file 3127
[  194.097012][T11303] swap 16908288
[  194.100568][T11303] swapcached 65536
[  194.104524][T11303] pgpgin 243358
[  194.107987][T11303] pgpgout 243340
[  194.111849][T11303] pgfault 285869
[  194.115754][T11303] pgmajfault 386
[  194.119308][T11303] inactive_anon 16384
[  194.124138][T11303] active_anon 36864
[  194.128132][T11303] inactive_file 4096
[  194.132428][T11303] active_file 0
[  194.135924][T11303] unevictable 0
[  194.139524][T11303] hierarchical_memory_limit 314572800
[  194.144958][T11303] hierarchical_memsw_limit 9223372036854771712
[  194.151677][T11303] total_cache 4096
[  194.155517][T11303] total_rss 36864
[  194.159470][T11303] total_shmem 0
[  194.163113][T11303] total_mapped_file 4096
[  194.167365][T11303] total_dirty 0
[  194.170834][T11303] total_writeback 0
[  194.174781][T11303] total_workingset_refault_anon 678
[  194.180713][T11303] total_workingset_refault_file 3127
[  194.186135][T11303] total_swap 16908288
[  194.190222][T11303] total_swapcached 65536
[  194.194675][T11303] total_pgpgin 243358
[  194.198892][T11303] total_pgpgout 243340
[  194.203126][T11303] total_pgfault 285869
[  194.207308][T11303] total_pgmajfault 386
[  194.211427][T11303] total_inactive_anon 16384
[  194.216212][T11303] total_active_anon 36864
[  194.220617][T11303] total_inactive_file 4096
[  194.225381][T11303] total_active_file 0
[  194.229783][T11303] total_unevictable 0
[  194.234043][T11303] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2998,pid=11302,uid=0
[  194.249185][T11303] Memory cgroup out of memory: Killed process 11302 (syz.1.2998) total-vm:94088kB, anon-rss:1264kB, file-rss:22248kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000
[  194.270642][T11331] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.270715][T11090] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.311275][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.332699][T11331] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.372980][T11331] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.430934][T11340] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3007'.
[  194.441302][T11331] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.540060][T11337] lo speed is unknown, defaulting to 1000
[  194.552623][T11337] lo speed is unknown, defaulting to 1000
[  194.588884][   T12] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  194.599184][   T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.650862][T11362] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.684091][   T12] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  194.694257][   T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.709096][T11337] chnl_net:caif_netlink_parms(): no params data found
[  194.747554][T11337] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.755662][T11337] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.763287][T11337] bridge_slave_0: entered allmulticast mode
[  194.769860][T11337] bridge_slave_0: entered promiscuous mode
[  194.776811][T11337] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.784666][T11337] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.792587][T11337] bridge_slave_1: entered allmulticast mode
[  194.799473][T11337] bridge_slave_1: entered promiscuous mode
[  194.824696][T11337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  194.834802][   T12] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  194.845038][   T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.862304][T11337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  194.895141][T11337] team0: Port device team_slave_0 added
[  194.906476][   T12] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  194.916478][   T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.945515][T11337] team0: Port device team_slave_1 added
[  194.969887][T11337] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.977384][T11337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  195.005057][T11337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  195.023169][T11337] batman_adv: batadv0: Adding interface: batadv_slave_1
[  195.030558][T11337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  195.058065][T11337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  195.088212][T11337] hsr_slave_0: entered promiscuous mode
[  195.094907][T11337] hsr_slave_1: entered promiscuous mode
[  195.101229][T11337] debugfs: 'hsr0' already exists in 'hsr'
[  195.107815][T11337] Cannot create hsr debugfs directory
[  195.170698][   T12] bridge_slave_1: left allmulticast mode
[  195.176645][   T12] bridge_slave_1: left promiscuous mode
[  195.182905][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.191395][   T12] bridge_slave_0: left allmulticast mode
[  195.197145][   T12] bridge_slave_0: left promiscuous mode
[  195.202933][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.333548][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  195.343966][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  195.354101][   T12] bond0 (unregistering): Released all slaves
[  195.363599][   T12] bond1 (unregistering): Released all slaves
[  195.372557][   T12] bond2 (unregistering): Released all slaves
[  195.381086][   T12] bond3 (unregistering): Released all slaves
[  195.389636][   T12] bond4 (unregistering): Released all slaves
[  195.398315][   T12] bond5 (unregistering): Released all slaves
[  195.407435][   T12] bond6 (unregistering): Released all slaves
[  195.416130][   T12] bond7 (unregistering): Released all slaves
[  195.424606][   T12] bond8 (unregistering): Released all slaves
[  195.433584][   T12] bond9 (unregistering): Released all slaves
[  195.482903][T11399] lo speed is unknown, defaulting to 1000
[  195.499271][   T12] tipc: Disabling bearer <udp:£>
[  195.504696][   T12] tipc: Disabling bearer <udp:s>
[  195.509862][   T12] tipc: Left network mode
[  195.514594][T11399] lo speed is unknown, defaulting to 1000
[  195.537839][   T12] hsr_slave_0: left promiscuous mode
[  195.544238][   T12] hsr_slave_1: left promiscuous mode
[  195.550625][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  195.559147][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  195.567442][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  195.575728][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  195.587674][   T12] veth1_macvtap: left promiscuous mode
[  195.593452][   T12] veth0_macvtap: left promiscuous mode
[  195.599709][   T12] veth1_vlan: left promiscuous mode
[  195.605156][   T12] veth0_vlan: left promiscuous mode
[  195.679366][   T12] team0 (unregistering): Port device team_slave_1 removed
[  195.690824][   T12] team0 (unregistering): Port device team_slave_0 removed
[  195.730944][ T3399] lo speed is unknown, defaulting to 1000
[  195.737178][ T3399] infiniband syz2: ib_query_port failed (-19)
[  196.022671][T11337] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  196.032496][T11337] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  196.041964][T11337] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  196.051568][T11337] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  196.100348][T11337] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.113947][T11337] 8021q: adding VLAN 0 to HW filter on device team0
[  196.123844][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.131364][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state
[  196.144030][ T6351] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.149908][   T12] IPVS: stop unused estimator thread 0...
[  196.151159][ T6351] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.160305][T11337] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  196.175012][T11337] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  196.290528][T11337] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.417222][T11337] veth0_vlan: entered promiscuous mode
[  196.433055][T11337] veth1_vlan: entered promiscuous mode
[  196.448996][T11337] veth0_macvtap: entered promiscuous mode
[  196.462628][T11337] veth1_macvtap: entered promiscuous mode
[  196.470510][T11470] __nla_validate_parse: 3 callbacks suppressed
[  196.470527][T11470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3048'.
[  196.480175][T11337] batman_adv: batadv0: Interface activated: batadv_slave_0
[  196.486843][T11470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3048'.
[  196.498992][T11337] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.514061][ T3445] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.528531][ T3445] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.538188][ T3445] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.562985][ T3445] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.623488][T11481] loop2: detected capacity change from 0 to 1024
[  196.634789][T11481] EXT4-fs: Ignoring removed orlov option
[  196.642663][T11485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3053'.
[  196.676212][T11481] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  196.736265][T11337] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  196.903617][T11500] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3059'.
[  196.913907][T11500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3059'.
[  196.923231][T11500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3059'.
[  197.045569][T11362] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.442807][T11362] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.467582][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.483969][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.499514][T11362] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.531214][ T6351] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.539858][T11524] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3071'.
[  197.553077][ T3443] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.621991][T11524] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3071'.
[  197.631207][T11524] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3071'.
[  197.646534][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.658233][T11530] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3074'.
[  197.671619][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.693761][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.703913][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.810912][T11548] loop3: detected capacity change from 0 to 1024
[  197.889216][T11548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.314878][T11566] loop2: detected capacity change from 0 to 128
[  198.322327][T11566] EXT4-fs: Ignoring removed nobh option
[  198.351948][   T29] kauditd_printk_skb: 955 callbacks suppressed
[  198.351964][   T29] audit: type=1326 audit(198.319:24988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11570 comm="syz.1.3092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  198.398964][T11566] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  198.471938][   T29] audit: type=1326 audit(198.349:24989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11570 comm="syz.1.3092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  198.495808][   T29] audit: type=1326 audit(198.349:24990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11570 comm="syz.1.3092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1695aeec9 code=0x7ffc0000
[  198.520887][   T29] audit: type=1326 audit(198.389:24991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.545380][   T29] audit: type=1326 audit(198.389:24992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.570809][   T29] audit: type=1326 audit(198.389:24993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.595625][   T29] audit: type=1326 audit(198.389:24994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.620739][   T29] audit: type=1326 audit(198.389:24995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.644940][   T29] audit: type=1326 audit(198.389:24996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.669286][   T29] audit: type=1326 audit(198.389:24997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11574 comm="syz.0.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1e7beec9 code=0x7ffc0000
[  198.696916][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.707723][T11337] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  198.766079][T11594] loop4: detected capacity change from 0 to 1024
[  198.780203][T11599] loop2: detected capacity change from 0 to 128
[  198.791832][T11599] EXT4-fs: Ignoring removed nobh option
[  198.810546][T11594] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.827214][T11599] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  198.912299][   T12] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  198.922056][T11337] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  198.931611][   T12] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  198.940519][   T12] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  198.952133][   T12] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  199.203775][T11641] loop3: detected capacity change from 0 to 128
[  199.210537][T11641] EXT4-fs: Ignoring removed nobh option
[  199.219848][T11641] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  199.256800][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  199.371115][T11654] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.423551][T11090] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.437789][T11654] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.473163][T11654] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.499751][T11668] loop4: detected capacity change from 0 to 128
[  199.506668][T11668] EXT4-fs: Ignoring removed nobh option
[  199.525474][T11654] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.538899][T11668] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  199.576875][T11090] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  199.594435][ T6350] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.620184][ T6350] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.638383][ T6350] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.650542][ T6350] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.753255][T11703] FAULT_INJECTION: forcing a failure.
[  199.753255][T11703] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.766954][T11703] CPU: 1 UID: 0 PID: 11703 Comm: syz.3.3149 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  199.767002][T11703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  199.767022][T11703] Call Trace:
[  199.767028][T11703]  <TASK>
[  199.767036][T11703]  __dump_stack+0x1d/0x30
[  199.767133][T11703]  dump_stack_lvl+0xe8/0x140
[  199.767152][T11703]  dump_stack+0x15/0x1b
[  199.767225][T11703]  should_fail_ex+0x265/0x280
[  199.767247][T11703]  ? __pfx_ppp_ioctl+0x10/0x10
[  199.767267][T11703]  should_fail+0xb/0x20
[  199.767364][T11703]  should_fail_usercopy+0x1a/0x20
[  199.767388][T11703]  _copy_from_user+0x1c/0xb0
[  199.767418][T11703]  ppp_get_filter+0x3e/0x160
[  199.767439][T11703]  ppp_ioctl+0xb93/0x11c0
[  199.767524][T11703]  ? __fget_files+0x184/0x1c0
[  199.767548][T11703]  ? __pfx_ppp_ioctl+0x10/0x10
[  199.767608][T11703]  __se_sys_ioctl+0xce/0x140
[  199.767667][T11703]  __x64_sys_ioctl+0x43/0x50
[  199.767683][T11703]  x64_sys_call+0x1816/0x2ff0
[  199.767707][T11703]  do_syscall_64+0xd2/0x200
[  199.767742][T11703]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  199.767769][T11703]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  199.767839][T11703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.767861][T11703] RIP: 0033:0x7f287380eec9
[  199.767875][T11703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.767903][T11703] RSP: 002b:00007f287226f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.767925][T11703] RAX: ffffffffffffffda RBX: 00007f2873a65fa0 RCX: 00007f287380eec9
[  199.767940][T11703] RDX: 00002000000003c0 RSI: 0000000040107446 RDI: 0000000000000005
[  199.767955][T11703] RBP: 00007f287226f090 R08: 0000000000000000 R09: 0000000000000000
[  199.767969][T11703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.767981][T11703] R13: 00007f2873a66038 R14: 00007f2873a65fa0 R15: 00007ffcc0728fe8
[  199.767998][T11703]  </TASK>
[  200.000841][T11713] netlink: 'syz.4.3154': attribute type 21 has an invalid length.
[  200.130553][T11738] loop4: detected capacity change from 0 to 512
[  200.141672][T11738] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  200.151403][T11738] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  200.165326][T11738] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  200.177727][T11738] System zones: 0-2, 18-18, 34-34
[  200.184805][T11738] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.3154: iget: bad i_size value: 360287970189639680
[  200.211730][T11738] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.3154: couldn't read orphan inode 15 (err -117)
[  200.228001][T11738] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.540192][T11801] loop3: detected capacity change from 0 to 128
[  200.547566][T11801] EXT4-fs: Ignoring removed nobh option
[  200.558492][T11801] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  200.650775][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  200.710504][ T6350] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  200.720461][ T6350] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  200.733710][ T6350] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  200.753322][ T6350] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  200.813901][T11847] loop2: detected capacity change from 0 to 128
[  200.824201][T11847] EXT4-fs: Ignoring removed nobh option
[  200.853252][T11090] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.864036][T11847] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  200.966793][T11337] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  201.039173][   T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  201.064648][   T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  201.109027][   T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  201.309826][   T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  201.499197][T11915] loop2: detected capacity change from 0 to 512
[  201.529752][T11915] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  201.595677][T11838] syz.1.3209 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  201.606976][T11838] CPU: 0 UID: 0 PID: 11838 Comm: syz.1.3209 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  201.607053][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  201.607067][T11838] Call Trace:
[  201.607074][T11838]  <TASK>
[  201.607082][T11838]  __dump_stack+0x1d/0x30
[  201.607107][T11838]  dump_stack_lvl+0xe8/0x140
[  201.607186][T11838]  dump_stack+0x15/0x1b
[  201.607205][T11838]  dump_header+0x81/0x220
[  201.607239][T11838]  oom_kill_process+0x342/0x400
[  201.607361][T11838]  out_of_memory+0x979/0xb80
[  201.607429][T11838]  try_charge_memcg+0x5e6/0x9e0
[  201.607459][T11838]  charge_memcg+0x51/0xc0
[  201.607523][T11838]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  201.607649][T11838]  __read_swap_cache_async+0x1df/0x350
[  201.607685][T11838]  swap_cluster_readahead+0x277/0x3e0
[  201.607784][T11838]  swapin_readahead+0xde/0x6f0
[  201.607831][T11838]  ? __filemap_get_folio+0x4f7/0x6b0
[  201.607857][T11838]  ? swap_cache_get_folio+0x77/0x200
[  201.607891][T11838]  do_swap_page+0x301/0x2430
[  201.607919][T11838]  ? css_rstat_updated+0xb7/0x240
[  201.607955][T11838]  ? __pfx_default_wake_function+0x10/0x10
[  201.608050][T11838]  handle_mm_fault+0x9a5/0x2c20
[  201.608086][T11838]  do_user_addr_fault+0x636/0x1090
[  201.608122][T11838]  ? fpregs_restore_userregs+0xad/0x1d0
[  201.608185][T11838]  ? switch_fpu_return+0xe/0x20
[  201.608210][T11838]  ? fpregs_assert_state_consistent+0xb4/0xe0
[  201.608244][T11838]  exc_page_fault+0x62/0xa0
[  201.608276][T11838]  asm_exc_page_fault+0x26/0x30
[  201.608375][T11838] RIP: 0033:0x7fb1694857cc
[  201.608395][T11838] Code: 66 0f 1f 44 00 00 69 3d e6 fe ea 00 e8 03 00 00 48 8d 1d e7 07 38 00 e8 62 96 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  201.608415][T11838] RSP: 002b:00007fff364cbb60 EFLAGS: 00010202
[  201.608435][T11838] RAX: 0000000000000000 RBX: 00007fb169805fa0 RCX: 0000000000000000
[  201.608451][T11838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005555829eb808
[  201.608465][T11838] RBP: 00007fb169807da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  201.608520][T11838] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000031354
[  201.608533][T11838] R13: 00007fb169806180 R14: ffffffffffffffff R15: 00007fff364cbc70
[  201.608551][T11838]  </TASK>
[  201.608567][T11838] memory: usage 307200kB, limit 307200kB, failcnt 14033
[  201.842637][T11838] memory+swap: usage 323776kB, limit 9007199254740988kB, failcnt 0
[  201.850719][T11838] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[  201.858476][T11838] Memory cgroup stats for /syz1:
[  201.858968][T11838] cache 0
[  201.867904][T11838] rss 4096
[  201.871197][T11838] shmem 0
[  201.874242][T11838] mapped_file 0
[  201.877791][T11838] dirty 0
[  201.880736][T11838] writeback 8192
[  201.885038][T11838] workingset_refault_anon 740
[  201.889837][T11838] workingset_refault_file 3322
[  201.894721][T11838] swap 16973824
[  201.898213][T11838] swapcached 12288
[  201.901982][T11838] pgpgin 250950
[  201.905727][T11838] pgpgout 250947
[  201.909559][T11838] pgfault 298516
[  201.913844][T11838] pgmajfault 420
[  201.917496][T11838] inactive_anon 12288
[  201.921721][T11838] active_anon 0
[  201.925418][T11838] inactive_file 0
[  201.929188][T11838] active_file 0
[  201.929187][T11930] __nla_validate_parse: 45 callbacks suppressed
[  201.929204][T11930] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3257'.
[  201.933033][T11838] unevictable 0
[  201.944798][T11930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3257'.
[  201.949197][T11838] hierarchical_memory_limit 314572800
[  201.952692][T11930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3257'.
[  201.962008][T11838] hierarchical_memsw_limit 9223372036854771712
[  201.983205][T11838] total_cache 0
[  201.987105][T11838] total_rss 4096
[  201.990820][T11838] total_shmem 0
[  201.994561][T11838] total_mapped_file 0
[  201.998869][T11838] total_dirty 0
[  202.002553][T11838] total_writeback 8192
[  202.006630][T11838] total_workingset_refault_anon 740
[  202.012139][T11838] total_workingset_refault_file 3322
[  202.017564][T11838] total_swap 16973824
[  202.022156][T11838] total_swapcached 12288
[  202.026604][T11838] total_pgpgin 250950
[  202.030670][T11838] total_pgpgout 250947
[  202.034931][T11838] total_pgfault 298516
[  202.039210][T11838] total_pgmajfault 420
[  202.043375][T11838] total_inactive_anon 12288
[  202.047973][T11838] total_active_anon 0
[  202.052106][T11838] total_inactive_file 0
[  202.056451][T11838] total_active_file 0
[  202.060565][T11838] total_unevictable 0
[  202.064967][T11838] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.3209,pid=11838,uid=0
[  202.080325][T11838] Memory cgroup out of memory: Killed process 11838 (syz.1.3209) total-vm:94088kB, anon-rss:1268kB, file-rss:22248kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000
[  202.098137][T11839] ==================================================================
[  202.098176][T11839] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  202.098218][T11839] 
[  202.098223][T11839] read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 1:
[  202.098243][T11839]  tick_do_update_jiffies64+0x113/0x1c0
[  202.098274][T11839]  tick_nohz_handler+0x7f/0x2d0
[  202.098300][T11839]  __hrtimer_run_queues+0x20f/0x5a0
[  202.098322][T11839]  hrtimer_interrupt+0x21a/0x460
[  202.098343][T11839]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  202.098375][T11839]  sysvec_apic_timer_interrupt+0x6f/0x80
[  202.098404][T11839]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  202.098430][T11839]  console_flush_all+0x55b/0x730
[  202.098453][T11839]  console_unlock+0xa1/0x330
[  202.176405][T11839]  vprintk_emit+0x388/0x650
[  202.181617][T11839]  vprintk_default+0x26/0x30
[  202.186236][T11839]  vprintk+0x1d/0x30
[  202.190294][T11839]  _printk+0x79/0xa0
[  202.194305][T11839]  __oom_kill_process+0x45e/0x8d0
[  202.199435][T11839]  oom_kill_process+0xf6/0x400
[  202.204570][T11839]  out_of_memory+0x979/0xb80
[  202.209181][T11839]  try_charge_memcg+0x5e6/0x9e0
[  202.214212][T11839]  charge_memcg+0x51/0xc0
[  202.218980][T11839]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  202.224963][T11839]  __read_swap_cache_async+0x1df/0x350
[  202.230870][T11839]  swap_cluster_readahead+0x277/0x3e0
[  202.236688][T11839]  swapin_readahead+0xde/0x6f0
[  202.241554][T11839]  do_swap_page+0x301/0x2430
[  202.246413][T11839]  handle_mm_fault+0x9a5/0x2c20
[  202.251546][T11839]  do_user_addr_fault+0x636/0x1090
[  202.256992][T11839]  exc_page_fault+0x62/0xa0
[  202.261611][T11839]  asm_exc_page_fault+0x26/0x30
[  202.266940][T11839] 
[  202.269287][T11839] read to 0xffffffff868099c0 of 8 bytes by task 11839 on cpu 0:
[  202.277420][T11839]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  202.283881][T11839]  count_shadow_nodes+0x6a/0x230
[  202.289015][T11839]  do_shrink_slab+0x60/0x680
[  202.293716][T11839]  shrink_slab+0x448/0x760
[  202.298220][T11839]  shrink_node+0x6c3/0x2120
[  202.302995][T11839]  do_try_to_free_pages+0x3f6/0xcd0
[  202.308753][T11839]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[  202.314845][T11839]  try_charge_memcg+0x358/0x9e0
[  202.320077][T11839]  obj_cgroup_charge_pages+0xa6/0x150
[  202.325822][T11839]  __memcg_kmem_charge_page+0x9f/0x170
[  202.332094][T11839]  __alloc_frozen_pages_noprof+0x188/0x360
[  202.338461][T11839]  alloc_pages_mpol+0xb3/0x250
[  202.343430][T11839]  alloc_pages_noprof+0x90/0x130
[  202.348576][T11839]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  202.354709][T11839]  __kvmalloc_node_noprof+0x30f/0x4e0
[  202.360235][T11839]  ip_set_alloc+0x1f/0x30
[  202.364588][T11839]  hash_netiface_create+0x282/0x740
[  202.370154][T11839]  ip_set_create+0x3cc/0x960
[  202.374755][T11839]  nfnetlink_rcv_msg+0x4c6/0x590
[  202.379871][T11839]  netlink_rcv_skb+0x120/0x220
[  202.384641][T11839]  nfnetlink_rcv+0x16b/0x1690
[  202.389325][T11839]  netlink_unicast+0x5c0/0x690
[  202.394211][T11839]  netlink_sendmsg+0x58b/0x6b0
[  202.399157][T11839]  __sock_sendmsg+0x145/0x180
[  202.403848][T11839]  ____sys_sendmsg+0x31e/0x4e0
[  202.408639][T11839]  ___sys_sendmsg+0x17b/0x1d0
[  202.413654][T11839]  __x64_sys_sendmsg+0xd4/0x160
[  202.418774][T11839]  x64_sys_call+0x191e/0x2ff0
[  202.423539][T11839]  do_syscall_64+0xd2/0x200
[  202.428417][T11839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.434954][T11839] 
[  202.437388][T11839] value changed: 0x00000000ffffd97f -> 0x00000000ffffd981
[  202.445051][T11839] 
[  202.447480][T11839] Reported by Kernel Concurrency Sanitizer on:
[  202.453814][T11839] CPU: 0 UID: 0 PID: 11839 Comm: syz.1.3209 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  202.463905][T11839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  202.474855][T11839] ==================================================================