last executing test programs:

1m19.373593536s ago: executing program 5 (id=6):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
pipe2$watch_queue(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x1010000000000e1)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r1, 0xffffffff)

1m17.848542409s ago: executing program 5 (id=9):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)

1m16.489826145s ago: executing program 5 (id=11):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./bus\x00', 0xa00000, &(0x7f0000000680)={[{@rootdir={'rootdir', 0x3d, 0x3}}, {@anchor={'anchor', 0x3d, 0x6}}, {@undelete}, {@uid}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@longad}, {@shortad}, {@uid_forget}, {@dmode={'dmode', 0x3d, 0x4}}]}, 0x1, 0xc49, &(0x7f0000001d40)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429d2deW/2vXnrGVnQmxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMTvvXLx1Om0zY5DD6ExAMADcXnsq6fObHf/BwAeW1d2+v9/AAAAAAAAAAAAAADgoEhRxJORYu7yWpqo3nfUL7X7bt0eHx7ZvtqRVNU8VJUvf+qnz5w996UXhs5381J75gPq77XPxGtjVy42Xp69OTc/tbAwNdkYn2lfm52cuucj7Lb+VoPVCWjcfP3W5PXrC40zz5/dtPv2wPv9TxwfuDD07MlnumXHh0dGxjaK1HvL1+67IR07zfA4HEWcjBTPfe+nqRURRez+XNQf7NhvdaTqxGDVifHhkaoj0+3WzGK5c7R7IoqIRk+lZvccbT8WUet7oH3YWTNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbffbi+KKIWKb5zbC1dzU/9qM7DF6uJwTu3o9jHPt6Dsp2Nvojl4hEYswOsP4p4NVL87J0TcS1fZ6przRciXi3zBxFvlflSRCq/GOci3tvme8SjqRZF/Hk5/hfW0mR1PeheVy59rfGVmeuzPWW715WPeH+460rxkO4PR7bkg3HAr031KKJVXfHX0v3/ZgcAAAAAAAAAAAAAAACAvXYkivh0pHjl3/6omlcc1bz0YxeGfn/gl3vnjD/9Iccpyz4fEUvFvc3JPZwnBo6m0ZQe8lzij7N6FPHHef7ftx52YwAAAAAAAAAAAAAAAAAAAD7WivhJpHjx3RNpOXrXFG/P3GhcaV2d7qwK2137t7tm+vr6+nojdbKZcyLnUs7lnCs5V3NGkevnbOacyLmUcznnSs7VnHEo18/ZzDmRcynncs6VnKs5o5br52zmnMi5lHM550rO1ZxxQNbuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4nBRRxC8ixbe/sZYiRUQzYiI6udL/sFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJT6UxHfjxSNP2je2VaLiFT923Gi/OVcNA+X+cloDpX5UjQv5mxVWWt+6yG0n93pS0X8OFL019++M+B5/Ps67+58DeKtb268+0ytk4e6Owfe73/i+LELQyOfe3qn12m7Bgxeas/cut0YHx4ZGevZXMuf/smebQP5c4u96ToRsfDGm6+3pqen5u//RfkV2EX1R+hFqn1ceupF9SJqB6IZD6fvm9Qf1gWKfVXe/9+LFL/97r93b/id+389fqnz7s4dPn7+Jxv3/xe3Huge7/+1rfXy/b+8p293/3+yZ9uL+XcjfbWI+uLNub7jEfWFN9482b7ZujF1Y2rm3KlTXx4a+vLZU32HI+rX29NTPa/25HQBAAAAAAAAAAAAAAAAPDipiN+NFK0fr6VGRNyu5msNXBh69uQzh+JQNd9q07zt18auXGy8PHtzbn5qYWFqsjE+0742Ozl1rx9Xr6Z7jQ+P7EtnPtSRfW7/kfrLs3NvzLdv/OHitvuP1i9eXVicb13bfncciSKi2btlsGrw+PBI1ejpdmumqjq67WT6j64vFfEfkeLauUb6fN6W5/9vneG/af7/0tYD7eH8/88d3Zj/94meouVnplTEzyPFb/3F0/H5qp1H465zlsv9TaQYPP/ZXC4Ol+W6beg8V6AzM7As+z+R4h9+sblsdz7kkxtlT3+kk/sIKMf/WKT4/p99N349b9v8/Iftx//o1gPt0/MfnurZdnTT8wp23XXy+J+MFC89+Xb8RrXl/z7w+R/dZ2+c6BTeeD7HPo3/r/ZsG8if+5t71XkAAAAAAAAAAIBHWF8q4m8jxQ9HaumFvO1e/v7f5NYD7dPf//pUz7bJvVmv6ENf7PqkAgAAAMAB0ZeK+EmkuLH49p051Jvnf/fM//ydjfmfw2nL3urP+X6lem7AXv75X6+B/LkTu+82AAAAAAAAAAAAAAAAAAAAHCgpFfFCXk99oprPP7njeuorkeKV/3oul0vHy3LddeAHql/rl2dnTl6cnp6tx2Lr6vRUY2yudW2qrPtUpFj768/mukW1vnp3vfnOGu8ba7HPR4qRv+uW7azF3l2b/KmNsqfLsp+IFP/595vL5qWp89rRVdkzZdm/ihRf/6ftyx7fKHu2LPvdSPGjrze6ZY+WZbvPR/3URtnnr80W+zAqAAAAAAAAAAAAAAAAAAAAfNz0pSL+NFL8983lO3P58/r/fT1vK299s2e9/y1uV+v8D1Tr/+/0+n7W/6+eK7C006cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjKUURb0aKuctraaW/fN9Rv9SeuXV7fHhk+2pHUlXzUFW+/KmfPnP23JdeGDrfzQ+uv9c+Ha+NXbnYeHn25tz81MLC1GRjfKZ9bXZy6p6PsNv6Ww1WJ6Bx8/Vbk9evLzTOPH920+7bA+/3P3F84MLQsyef6ZYdHx4ZGespU+u770+/S9ph++Eo4i8jxXPf+2n6YX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJY7R7snooho9FRqds/RAxiLXWlGLJXNLxs8WHZvbK4137o6PdUYbc0vthfbszOjqdPasj+NKOJ8iliOiNX+uw/XF0W8Him+c2wt/XN/xKHuefji5bGvnjqzczuKfezjPSjb2eiLWC62jln9TpkDM2YHWH8U8Y+R4mfvnIh/6Y+oRecnvhDxapk/iHgrOuOdyi/GuYj3tvke8WiqRRH/W47/hbX0Tn95PeheVy59rfGVmeuzPWW715VH/v7wIB3w+0k9ivhRdcVfS//qv2sAAAAAAAAAAAAAAACAA6SIX4sUL757IlXzg+/MKW7P3GhcaV2d7kzr6879686ZXl9fX2+kTjZzTuRcyrmccyXnas4ocv2czTLr6+sT+f1SzuWcKzlXc8ahXD9nM+dEzqWcyzlXcq7mjFqun7OZcyLnUs7lnCs5V3PGAZm7BwAAAAAAAAAAAAAAAAAAPF6K6p8U3/7GWlrv76wvPRGdXLEe6GPv/wMAAP//UG/5JA==")
r3 = openat(0xffffffffffffff9c, &(0x7f000009de80)='./file1\x00', 0x42, 0x1ff)
write(r3, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b2832398fed6233b8632a001dd0a846cbb8a5d77e3208db486b055edb6ae7917f07ccf4b6811be57047aa17799359e733ec395940d1feb7a9ec2ddadb1ff61070c9c00f9db8e47f74a5271fa77b6e692e6ac97aaae883e5522f8e86c2403aec0ff8dee1cba5d40f0969470b9a2a95f6f22f9d4250809400ea8403a6540948", 0xfffffec6)

1m1.788024094s ago: executing program 5 (id=29):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000040)={0x4, <r5=>r3, 0x1})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x7)

58.730823789s ago: executing program 5 (id=35):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/vmstat\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f00000003c0)={0x0, 0x79ad, 0x3180, 0x7ffd, 0x32c, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r3, 0xfd0, 0x4c1, 0x43, 0x0, 0x0)

42.718248333s ago: executing program 32 (id=35):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/vmstat\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f00000003c0)={0x0, 0x79ad, 0x3180, 0x7ffd, 0x32c, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r3, 0xfd0, 0x4c1, 0x43, 0x0, 0x0)

25.536052534s ago: executing program 1 (id=84):
socket$inet_smc(0x2b, 0x1, 0x0)
userfaultfd(0x801)
socket$inet(0x2, 0x3, 0x5)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
socket(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x3, @remote, 0x1}, 0x1c)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

23.207358743s ago: executing program 1 (id=88):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r4}, 0x10)
io_setup(0x2, &(0x7f00000002c0))

21.534355769s ago: executing program 1 (id=90):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x8cf6, 0x0, 0x0, 0x41100}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
syz_open_pts(r0, 0x101)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x511000, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff9d, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x2, 0x50565559, 0x4, 0xfffffffb, 0x4, 0x6, 0x4, 0x0, 0x4, 0x1, 0x7}})

20.393509757s ago: executing program 3 (id=91):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

18.665094979s ago: executing program 3 (id=93):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
timer_settime(0x0, 0x1, 0x0, &(0x7f0000000380))
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffd74, 0x40004, 0x0, 0x0)

18.370427755s ago: executing program 1 (id=94):
socket$l2tp(0x2, 0x2, 0x73)
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r0, 0xa, 0x13)
fcntl$setlease(r0, 0x400, 0x0)
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpid()
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r3)
fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2})
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=<r4=>0x0)
fcntl$setown(r0, 0x8, r4)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

15.158241265s ago: executing program 4 (id=99):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x3, 0x0, 0x0, 0x2})
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
socket$kcm(0x10, 0x2, 0x4)

14.409023586s ago: executing program 3 (id=101):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r1, 0x5452, 0x0)
read$FUSE(r1, &(0x7f0000001c80)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_ATTR(r1, &(0x7f0000000300)={0x78, 0x0, r2, {0x2, 0x5, 0x0, {0x2, 0x80000000, 0x80, 0xffffffff, 0x200, 0x2, 0x0, 0x83c, 0x4, 0xc000, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x78)

14.259621525s ago: executing program 1 (id=102):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x10001, 0x7ffd, 0x27b6, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x20004}, 0x50)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000480)=0x14, 0x80800)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000004c0)=@req3={0x81, 0x6, 0xb0e5, 0x7, 0x7f, 0xfb99, 0x60}, 0x1c)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000000c0)={0xa, 0x4e21, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000180)="6d91d39f02ce830b97549efca99474c99a0a715bf9255a7631955d851aecef5d2b67e69df4ce8f9c79fc7211070d5b5bfc31294031c02a35ee4592638b668e401d234bee3a4d790ade925aa01a101d1ebbe4e97a6455e7767149ea7c9eb69961f8898a9111217fc12128e350cb351b203417bec06fd8569f715c3d4f270966e8f2e71052467b6e471323d028b8b9654e3298bf7e51672e962496970b6ca84177e6e629b17c9e4758dbc388d8e33337d969d1517dfd0c3f0635b9f79fb963694a33871625392bd5e7ea7e86571b96ff", 0xcf}, {&(0x7f0000000580)="90b16d711b733ba497372078b5a0346be903f9d41fb8fb8015922746c84950c50b1eecf139d89455f694a909e024f165f6db49c42be7dcc550619b844f04df9c8be241f7aff26868d66a6f1baf8b65ec3afc5d3b416ca0470613525bad9e841feb648089726b85c0a4a358be3e93e397587e7f6c94158c0c85f904d0a55c9fb5eabc3ec3f5884b7c1d6065a3f5a3dac83ea19fcfac59fe3b73dd1cf2a68779ac1184ca4e8b44bd650f6bc2ee1edaf2b6b026b99156db5c9a2f4ac53edd15b1d11a5c4d04c040c673c55e4393f6dcfce44f05c68d938f08fb9f60a069a3af918c6a98e34e894874feaa19c393578f06956414a9930c83317db83c06fb7df0f66d7bbe43a2e33bbf0bb1fcd498b4567e3cce2279c54669dc658ad32ae22d27e6156c5121db643d74621696dd2f4cca7a3ee78ece94dd6cc79d4e9ad82a719e281f541cf806330652d25aac89e5a94f586063b6e04d638e48d6ebb929369e26163579f3c9d71d066b4ba85a61824b4fa11c57dbeb98d610a3b0f61a278d9a77dbcdbb0e7b5fade5bdb65d3e8c62a013ed7355ec8ac2cf8dddea79c7f4da6c8fad4c2437c6fa45ddee5bc18dc90b4fd2ee5f4a05525aeb0541307616791d491a0c1cf6e1e6e3c74521effdbbb0547efb38fcc054a9c70e9ed32114df6f60b1b1c1e55eb45aad0304d8f3783e1739cb9c391c1e7bb96310ab70584e764edfb48ca6c556d3edff327edf6fcddf466ce46fd806c0c23ab2eaf75f90336ab639e6e7ee3ebb2089a75c6b007371f77b6b5a140e10c7e8ef69344001fc3bfaca1408b69bccbce49b0e9a1225bf3d07fe4275a4253f458e47ceed1d85d92a754389e3d010e912d128fbc19e33df0d0c31ded7d292003972c7e88f198681ded0a12acb9b15ac3b43cd24716b669944a02308b18cddd1a804d3a74689ab0d18f9c2db677faf785596e43ab437f5b354e8e3a466d17ce84882720766e524f56f14e976aad4f1dac4ca8fc4c671c5e5d4ced4b7b12cb2649a764e7bf95351a6e9028b56b01eb022b9ff189e4f5a1bf181798364038c7aff86fd83060602404cd09430bdc044484aa0e9c945a7ce107fc310646cbaa74257eb0f6544db8f180fb9921e24819541f2630ec6faf3b06a24ee76fdac16e3cb3d4381ad1d376566a0d411611f1beba078a8aa3779b1a93eac16ff8e21a30f4b00e16577a792cb90defc44037b326b12a1fd88312b09ac2837d5ff0ef8df610dde0c8b976f649d04beb238ee5f06bee8fe515a4d2b26047c9d17bbffeef546dafc3b0ad7ab903909b4341dca94a6daac32eea00b06ad985c05baa1de6b2bbfe0132f35e447c8fc0ee16c7d1f81ca7d07f5db1159900ed131cd50d19634c64bf049b6af6365d56921bbfffc5b6f2f8cf96d7216d5fb60b60aafe475652c699e92060f44c1e72b2d4594b87654eff4b1d89e374df7c9e4f55d02da9aa0808fafa49350f243b44ae8fe87953d2dad87c6c33938d2f32c89fc7f16ca69e69d1fb99202470cd5d599c7d17e045ed7af5ed7c82af19e2eb0221059dedeeb4b2dbc5508bff4620d472421018c2265df42ae4ad5a2d4ce64aa25713a5dbe42b0e7eb0a71d363383b1b23683c5ca18c39f4dfcda0c8fe9632f3da651176b52ea4497315ceafe741c3826c2700b897e1cf08a4911296e1d61872bdb6f846bc325f3f39cc19f1c0356ef8243372877bfd2bc13c3ba9f2e45731a6e6fbdc1bed9e5cf6545d7d4068a3fae9a995520f9df1fc62d0dbf82c8d83d3d4d03b03665b23040dfb0d5da27246be1c850cc422a9a751ccac1817e89df37e751f21e1997c9b1bbac1709a2020aa555eae08eacd16c3114b54818a685ddfb709250fced3556af5deda3a2b5eb0874dec80dba3681956bf97bcd0dc4b025fab2530b4b853f887c2db3bd9d64f2875a435b2635c2a730fa90c72059fa8a8bda7b51535a1c59c86d299eaf1a1c1b139133f3a3e80f4efdc67327d2dfdd5e12a322ecb8e8d2bd39e384fd7ab0be349abb469584005e687174ec035148e775a1ebb752baad316b725037317f092f4fc587eab3d4e94f48abfae92ab4c6e177af16178a54c6a478689f50a23491ab57e7bc69543ebba8e54dcfd63b53c5ccf9bb6cf20ed26326acb9ddff1a8abd83436642e640dd9ef378426b8abe7a73f4b427d4c6cb5e1117ec488137c8c8c2b461e813b47722d024e179b1ce537c86676327a3a632fe0d63a9eadf8d89745cb4018c1458c7347cbcecfb1d9246ad4a89d758582aea28a8b87dd7f8228354ed6ec8fc347d752754870ca4c76b68d13770e9d203e882a106637c4138f39bb1698f09beb72f19e14bc3602ca345a60ad2ada93a5669c3bb9554b5dd67a86ec0f2f44e2b700cbf59d0c9189aa4e9726a0d5fc81785cd67ab11ee3d1d2440a153dd382d96865e0972c36f67c9668b1beec9266c26003a41c78ab52373ba79a9d1d1fd14fb50d84e1e1a90bd4bf7ed5d7c411184cb16fa0fa54616fbdf825707884eb43115f383b48eedec94c9ba58482bb42", 0x6ff}, {0x0}], 0x3, &(0x7f0000000300)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0xff}}}, @flowinfo={{0x14, 0x29, 0xb, 0x7}}, @dontfrag={{0x14, 0x29, 0x3e, 0x10001}}, @tclass={{0x14, 0x29, 0x43, 0x1}}, @hoplimit={{0x14, 0x29, 0x34, 0x7}}, @hopopts={{0x20, 0x29, 0x36, {0x3b, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x5}, @pad1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8}}, @dontfrag={{0x14, 0x29, 0x3e, 0x100}}, @flowinfo={{0x14, 0x29, 0xb, 0xe7}}, @dontfrag={{0x14}}], 0xf8}, 0x40005)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
sendmmsg$inet6(r1, &(0x7f0000007500)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x6, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000540)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x9}}, @flowinfo={{0x14}}], 0x30}}], 0x1, 0x68034)

13.891651287s ago: executing program 4 (id=103):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r1 = syz_open_pts(r0, 0x101)
r2 = dup3(r1, r0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0xc8c7, 0x0, 0xfffffffd, 0x2}, 0x0, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x400, 0x200000400000000, 0x5, 0x344}, 0x0, 0x0)
syz_io_uring_setup(0x27f3, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
write$UHID_INPUT(r2, &(0x7f0000002440)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c6029455091676c214569a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d040700ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e99b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0xe24}}, 0xffffff5c)

12.965741205s ago: executing program 0 (id=104):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000001400)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18)
syslog(0x9, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x1)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)

11.773542685s ago: executing program 2 (id=105):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = inotify_init()
r4 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r5 = inotify_add_watch(r3, &(0x7f0000000200)='./file0\x00', 0x400008bf)
write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYRES64=r5], 0x69)
close(r4)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

11.77216932s ago: executing program 3 (id=106):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000a80)=ANY=[@ANYBLOB], &(0x7f00000014c0)=""/2, 0x46, 0x2, 0x1}, 0x28)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
r2 = fsopen(&(0x7f00000003c0)='bpf\x00', 0x0)
unlinkat(0xffffffffffffff9c, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000280)='\xebU\x95\xa4i\xea`\xe0[\x9a\x84\x11\xc9&R:\xe9\xea\xec\xe05@b\x1f\xab\xb7\xe6\xd4\x18\xe7D@\xf5\xb2\xb4\xe8i$\x038\x99\xfb;\xbeR\xbf\xc2\r\x13\xf0\xf0\xec\x94\xad\nA\xee>\xb3i4\\\xc8\xd7 \x8d\xe0D\x953|) \xd8p\x12\x11\x81\x7f\x93\a\xfb!\x83\xc2\xd8\xe4\x98\xae\xb7\f\x0fR\xd3\xad\xa5\xca\xd5\xc2\bv+\x9a\x94\xd0\x05\x8d\xef\x9f94>\xa5?\x9a\x11Et\xef\xea\xe9e\x81\'jB\xca\f\xccz\x15x\x1cn\xe4\xf3\xbd\xb4q{\xb33\xffM\x95Jm\x90\x00\x15\r\xc8R\xb4\xf89>\xb7\x1e\xe3\x99\x99_~\xdb\xdc\xfd\x0f\x8f\xfc\xe4\xa4\xe8\x03K\xea\xb2\x91H|EB\xfd2\x10atXE\xee\xf4\x13c\xb5u\x85w$\xd3}\x19\xe7n\xf9\xe7\x11@\xceB\xd7/\xde\x80F\xe0\xd0dI\xedfq]\xb1\xaa\x9b)\\o\xd1\xdcx\x06\x80\x9f\xb3\xcc\r\b\xcb\xb1\x1c\x03G\xe4\xf0H`\x0e\xe1\xc7\x13\x9e%J\xe6\xe2\xe6\xb4:\xa8\xf51~\xc5\x8a\xfe++s\x0f\xa9\x00\x00A\xb8\xf1\xdb', &(0x7f0000000000)="8c", 0x1)

11.615631125s ago: executing program 1 (id=107):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x202, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x41}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000100)={0xb, 0x6, 0xfe, 0x2, 0x3, 0x80, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9}, 0xe)
setsockopt$sock_int(r2, 0x1, 0x28, 0x0, 0x0)
shutdown(r2, 0x1)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)

11.515575751s ago: executing program 0 (id=108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

9.979814965s ago: executing program 4 (id=109):
accept(0xffffffffffffffff, 0x0, &(0x7f0000000040))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000480)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000240)={r2, 0x2, r1})
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')

9.788631357s ago: executing program 2 (id=110):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280), 0x0)
socket$kcm(0x10, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
gettid()
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
write$UHID_SET_REPORT_REPLY(r0, 0x0, 0xffe0)

8.675097415s ago: executing program 0 (id=111):
openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x708, 0x41e3, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0xfffffffc)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, 0x0, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, r3, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}}, 0x0)

7.724828779s ago: executing program 3 (id=112):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000840)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000380)='./file1\x00', 0x0, &(0x7f0000002740)=ANY=[], 0x3, 0x5f4f, &(0x7f0000009040)="$eJzs3V1vHFf9B/DfPnj90H/TqPqrChEXbgqlpTTPCZSnplxwAUggoVyTyHWrQFpQEhCtIuIqF4gLHl4C3PSGi76RIvEKEC+ASAlXlaAMGvucZDxeex1i76x9Ph/JmfntmfGeydfj2fXM7AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL7z7R+e6UXElV+kB45G/F8MIvoRi3W9HPXMpbz8MCKOxXpzPBcRg/mIev31f56JOB8RHx+JuP/g9kr98Nld9uPC6Vs3Pv3ut/7269/fPfbjN3/0Ybv9B/9/7qPf3Ik4+v3XPvr0zt5sOwAAAJSiqqqql97mH0/v7/tddwoAmIp8/K+S/LharVar97T+XX+2+qMutG6qxrvTLCJirblO/ZrB6XgAOGDW4pOuu0CH5F+0YUQ81XUngJnW67oD7Iv7D26v9FK+vebxYHmjPf+dclP+a72H93dsN52kfY3JtH6+7sYgnt2mP4tT6sMsyfn32/lf2WgfpeX2O/9p2S7/0catT8XJ+Q/a+bdsyv8PEXFg8++Pzb9UOf/h4+S/NjjA+7/8AQAAAAA4/PLf/492fP53/sk3ZVd2Ov+7PKU+AAAAAAAAAMBee9Lx/x4y/h8AAADMrPq9eu2PRx49tt1nsdWPX+5FPN1aHihMullmqet+AAAAAAAAAAAAAEBJhhvX8F7uRcxFxNNLS1VV1V9N7fpxPen6B13p2w8l6/qXPAAAbPj4SOte/l7EQkRcTp/1N7e0tFRVC4tL1VK1OJ9fz47mF6rFxvvaPK0fmx/t4gXxcFTV32yhsV7TpPfLk9rb369+rlE12EXHpqPDwAEgIjaORvcdkQ6Zqnomun6Vw8Fg/z987P/sRtc/pwAAAMD+q6qq6qWP8z6ezvn3u+4UADANC/n43z4voFar1Wq1+vDVTdV4d5pFRKw116lfMxiOHwAOmLX4pOsu0CH5F20YEce67gQw03pdd4B9cf/B7ZVeyrfXPB6k8d3ztSCb8l/rra+X1x83naR9jcm0fr7uxiCe3aY/z02pD7Mk599v539lo32Ultvv/Kdlu/zr7TzaQX+6lvMftPNvOTz598fmX6qc//Cx8h/IHwAAAAAAZlj++//Rcs//DnJ/lqfUBwAAAAAAAADYa/cf3F7J973m8/+fHbNcrznn/s9DI+ff23X+7v89THL+/Xb+rQtyBo35e288yv+fD26vfHjrH5/J05nPf24wqp97rtcfDNM1P9XcW3EtrsdqnN6y/HBT+5kt7XOb2s9OaD+3pX1Uty/m9pOxEj+N6/Hmw/b5CRdGLUxorya05/wH9v8i5fyHja86/6XU3mtNa/c+6G/Z75vTcc9z6c//fnHr3jV9d2PwcNua6u070UF/1v9PnhrFz2+u3jj5y6u3bt04E2my6dGzkSZ7LOc/l75y/i+9sNGef+8399d7H4weO/9ZcTeG2+b/QmO+3t6Xp9y3LuT8R+kr55+PQOP3/4Oc//b7/ysd9AcAAAAAAAAAAAAAAAB2UlXV+i2ilyLiYrr/p6t7MwGAqfrt99JMlYRarVar1epDWzdV473eLGJh8zoXI+JX474ZADDL/hMRf++6E3RG/gXLn/dXTz/XdWeAqbr53vs/uXr9+uqNm133BAAAAAAAAAD4X+XxP5cb4z+vXwfUGjd60/ivb8TygR3/sz8arI91njbo+dh5/O8TsfP438MJzzc3oX00oX1+QvvChPaxN3o05PyfTxnn/I+nDStp/NeXOuhP13L+J9JYzzn/L7SWa+Zf/ekg59/flP+pW+/87NTN995/9do7V99efXv13TOnL54/d+H8uQsXTr117frq6Y1/O+zx/sr557GvXQdalpx/zlz+Zcn5fz7V8i9Lzv/FVMu/LDn//HpP/mXJ+ef3PvIvS87/5VTLvyw5/y+mWv5lyfm/kmr5lyXn/6VUy78sOf9XUy3/suT8T6Za/mXJ+Z9KtfzLkvPPZ7jkX5acf76yQf5lyfmfTbX8y5LzP5dq+Zcl538+1fIvS87/QqrlX5ac/8VUy78sOf8vp1r+Zcn5fyXV8i9Lzv+1VMu/LDn/r6Za/mXJ+X8t1fIvS87/66mWf1ly/t9ItfzLkvP/ZqrlX5ac/+upln9ZHn3+v5kpz/zrLxEz0A0zpc68+9edlun6NxMAAAAAAAAAAAAA0DaNK4273kYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLe3cXIVd5nAD/7Za8NCW4ghBAnrI0BA4t311/gEINJQkpJm1IS0qYlNY69Nk78Ve86AYTKUmhLFKQitRf0omkSpVGktgJFkZpKNEJqpPauXCXiJmolLiwVKgcllVIFtjpz3vfdmdnZmfXH4jnn/H4I/70zZ2beOXNmdp+1nhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLbhY9N/PpBlWf5/4491WXZp/vc12Z78y7mdF3uFAAAAwPl6q/HnP1yWTtizjAs1bfNvH/qP78/Pz89nX3jz9Nt/OT+fzhjLsqHVWdY4L/r3X/5ivnmb4KlsdGCw6evBHjc/1OP84R7nj/Q4f1WP81f3OH+0x/mLdsAia4rfxzSubFPjr+uKXZpdkY00ztvU4VJPDaweHIy/y2kYaFxmfuRgdjg7kk1nk4suM9D4L8te2pDf1j1ZvK3Bpttan2XZmZ89vj+uYSDs401Zy401ND92b9yVjb35s8f3f2f29fd3mj13w6KVZtnmjfk6n86yhV9XZQPZ6rRP4joHm9a5vsM6h1rWOdC4XP739nWeWeY64/0eDet8pcs614fTHrk2y7K5bMlt2j2VDWZr22417e/R4ojIryN/KN+TDZ/VcbJhGcdJfpnXrm09TtqPybj/N4R9MrzEGpofjjeeXLVov5/rcZLf6344VvPrvi+/0dHR5l+tthyr+TaPX7f0MdDxsetwDKRjuekY2NjrGBhcNdQ4BgYX1ryx5RiYWnSZwWygcVunr+t+DEzMHj0xMfPoY7ccPrrv0PSh6WNTkzu3b9uxfduOHRMHDx+Zniz+PLtdWiJrs8F0DG4MrzXxGLyhbdvmQ3L+mxfueTDaJ8+D/L5/5vp8QZcOZksc4/k2T28+/+dB+r7f9DwYbnoedHxN7fA8GF7G8yDf5szm5X3PHG76v9MaVuq1cF3TMXAxvx/mt/ngjUu/Fq4P63rmprP9fji06BiId2sgPPfyU9LPe6O3hf2y+Li4Oj/jklXZqZnpk1se2Tc7e3IqC+MdcXnTY9V+vKxtuk/ZouNl8KyPlz1//6vrr+5w+rqwr0Zv7v5Y5dtsH+/+WDVe3Vv356qs2J8tp27NwrjA3un92em7Wb4/U5bosj/zbZ6+5fx/Fky5pOn1b6TX69/QyHDx+jeU9sZIy+vf4odmqLGyLDtzy/Je/0bC/+/0698VffL6l++rB7d0PwbybZ6ZONtjYLjr69+1YQ6E9dwYEsNoU+5/u3H+XHGYNj2WPY+b4eGRcNwMx1tsPW62LbpMfm35bW+ePLfjZvO1rY9Vy88tFTxu8n31V5Pdj5t8m5enzv+1Y038a9Nrx6pex8DI0Kp8vSPpIChe7+bXxGNgS7Y/O54dyQ6ky+SPcn5b41uXdwysCv+/068dV/XJMZDvq+e3dj8G8m1+tO3C/uy0OZyStmn62an99wtLZf6rhxeur323XejMn6/z4z/+VDqtU4bIt3l9+9nmjO776eZwyiUd9lP782epY/pA9s7sp6vCOo/s6P67qXybK3Yu83jak2XZq1OvNn7fFX6/+71TP/5+y+99O/1O+dWpV++duP8nZ7N+AADO3duNP+dWFT9rNv2L9XL+/R8AAAAohZj7B8NM5H8AAACojJj7h8JM5H8AAACojJj7h8NMapL/H75t1wtvPZGldwOcD+L5cTfcd0exXex4z4Wvx+YX5Kd/9NsjL3z1ieXd9mCWZb+69wMdt3/4jriuwom4zg+3nr7IVdcs6/YfemBhu+b3Tzizq7j+eH+WexjErvJLE1sb1zv26FRjvnxv1pj3zz3zVHH9xddx+9Pbiu3/JrxpyZ6DAy2X3xzWsynMsfCeMvftWdgP+YyXe2H9h/718s8u3F683MDGdzfu5vN/XFxvfI+o5y4vto/3e6n1/8vXvvtCvv0j13Ve/xODndd/Olzva2H+cnexffM+/2rT+v80rD/eXrzclm/9sOP6X3xfsf2L4bj4Rpjt67/rLz74VqfHK97OntuLy8Xbn/zf7Y3LxeuL19++/tEnplr2R/v1v/xmcT27v/zzoebt4+nxdqKHbm89vgfC49vSI8+y7Lt/lrXs5+wjxeX+uW398fpO3N55/Te3rfPEwDWNyy/cn3Ut9+vrf7e14/2N69nzj+ta7s9zd4f99+bEj/LrPX1/OB7D+f/3SnF97e9l+uLdra83cftvrCuet/H6JtrW/1zb+ueuyfdd7/Xf82ax/hfvXN2y/j2fCMfTPcXstf5Df3tZy+W/+Z3i8Tj5lfFjx2dOHT7QtFebn8erR9esveTSd737svBa2v713uOzD0+fHJscm8yysRK+ZeBKr/9bYf5PMeYu/C0UfvLz4rh79pPF960bflF8/Vw4/aHweMbvj1//65GW47X9cZ+7s5jnu/6bwjqW631f+69rlrXh6c+/dOqf/uT19p8L4v058d7Rxv17fsOVjfMGXi7Ob3+96uU/39v6vP7p8GRj/iDs1/nwzswbryxur/3643uTPPvp4vkbf5KLl8/a3k9k3VDr/Tjf9f80/Bzzw6taX//i8fGDJ9rezXldNpAvYS68PmRzxflxq7i/nz1zZcfbi+/Dk829/2yWuaSZR2cmjhw+duqRidnpmdmJmUcf23v0+Kljs3sb712694u9Lr/w/F7beH4fmN65PWs8248XY4Vd7PWfeGD/gVsnrz8wfXDfqYOzD5yYPnlo/8zM/ukDM9fvO3hw+iu9Ln/4wO6prbu23bp1/NDhA7tv27Vr267xw8eO58soFtXDzskvjR87ubdxkZnd23dN7dixfXL86PED07tvnZwcP9Xr8o3vTeP5pb88fnL6yL7Zw0enx2cOPza9e2rXzp1be77749ETB2fGJk6eOjZxamb65ERxX8ZmGyfn3/t6XZ56mDkeXu/aDISfzj938870/ri5bz+55FUVm7T+eJq9Ed4LKn5/6/V1zP0jYSY1yf8AAABQBzH3hzf+XzhD/gcAAIDKiLl/dZiJ/A8AAACVEXN/kfxH08e/1yX/X6j+/5P6/w36//r/mf5/ov+v/5/p/+v/96D/r/9f5vXr/+v/01u/9f9D7s/WZJl//wcAAICKirl/bZiJ/A8AAACVEXP/JWEm8j8AAABURsz9l4aZ1CT/+/x//X/9/279/7it/n+m/98P/f9N/63/v4j+v/5/pv9/zi52f77s6+/D/v8a/X/6Tb/1/2Puf1eYSU3yPwAAANRBzP3vDjOR/wEAAKAyYu6/LMxE/gcAAIDKiLl/XZhJTfK//r/+v/6/z//X/y9N/9/n/3eg/6//n+n/n7OL3Z8v+/r7sP/v8//pO/3W/4+5/9fCTGqS/wEAAKAOYu5/T5iJ/A8AAACVEXP/5WEm8j8AAABURsz9V4SZ1CT/17P//1qWZfr/mf6//n/bOvX/9f9Xgv6//n83+v/6/2Vev/6//j+99Vv/P+b+94aZ1CT/AwAAQB3E3H9lmIn8DwAAAJURc//7wkzkfwAAAKiMmPuvCjOpSf6vZ//f5//r/xf0/1vXqf+v/78S9P/1/7vR/9f/L/P69f/1/+mt3/r/Mfe/P8ykJvkfAAAA6iDm/qvDTOR/AAAAqIyY+z8QZiL/AwAAQGXE3L8+zKQm+V//X/9f/1//X/9f/38llav/P7jkOfr/Bf3/Vheu/z+3sAD9/9KsX/9f/5/e+q3/H3P/B8NMapL/AQAAoA5i7v9QmIn8DwAAAJURc/81YSbyPwAAAFRGzP1jYSY1yf/6//r/+v/6//r/+v8rqVz9/6Xp/xf0/1v5/H/9f/1//X+667f+f8z9G8JMapL/AQAAoA5i7t8YZiL/AwAAQGXE3H9tmIn8DwAAAJURc/+mMJOa5H/9f/1//X/9f/1//f+VpP+v/9+N/r/+f5nXr/+v/09v/db/j7n/ujCTmuR/AAAAqIOY+68PM5H/AQAAoDJi7r8hzET+BwAAgMqIuX9zmElN8r/+v/6//n+J+/9D+v+Z/n/f0//X/+9G/1//v8zr1//X/6e3fuv/x9x/Y5hJTfI/AAAA1EHM/TeFmcj/AAAAUBkx998cZiL/AwAAQGXE3D8eZlKT/K//r/+v/1/i/r/P/29Zv/5/f9L/L0v/f6T1S/3/ZdH/1//X/9f/p7t+6//H3H9LmElN8j8AAADUQcz9W8JM5H8AAACojJj7J8JM5H8AAACojJj7J8NMapL/9f/1//X/9f/1//X/V5L+f1n6/230/5dF/1//X/9f/5/u+q3/H3P/VJhJTfI/AAAA1EHM/VvDTOR/AAAAqIyY+7eFmcj/AAAAUBkx928PM6lJ/i9J/39LKkDp/+v/6//r/+v/l4r+v/5/N/r/+v9lXr/+v/4/rQY7nNZv/f+Y+3eEmdQk/wMAAEAdxNy/M8xE/gcAAIDKiLn/1jAT+R8AAAAqI+b+28JMapL/S9L/9/n/+v/6/030//X/y0T/X/+/G/1//f8yr1//X/+f3vqt/x9z/64wk5rkfwAAAKiDmPs/HGYi/wMAAEBlxNx/e5iJ/A8AAACl0ulzCKOY+z8SZlKT/K//X/X+//xq/X/9f/3/7uvX/19Z+v/6/93o/+v/l3n9+v/6//TWb/3/mPt3h5nUJP8DAABAHcTcf0eYifwPAAAAlRFz/51hJvI/AAAAVEbM/XvCTGqS//X/q97/9/n/+v/6/73Wr/+/svT/9f+70f8vZ/8//Nii/99H/f/8GNL/px/1W/8/5v67wkxqkv8BAACgDmLu/2iYifwPAAAAlRFz/8fCTOR/AAAAqIyY+z8eZlKT/K//r/+v/6//r/+v/7+S9P9XrP/feCnU/y/o/5+bi92fL/v6+6n/7/P/6Vf91v+Puf/uMJOa5H8AAACog5j7PxFmIv8DAABAZcTc/+thJvI/AAAAVEbM/feEmdQk/+v/6//r/+v/6//r/68k/X+f/9+N/r/+f5nXr/+v/09v/db/j7n/N8JMapL/AQAAoA5i7r83zET+BwAAgMqIuf+TYSbyPwAAAJTMqiXPibn/N8NMapL/y9f/Hytl/38wXb/+v/6//r/+v/7/haT/r/+f6f+fs4vdny/7+vX/9f/prd/6/zH3/1aYSU3yPwAAANRBzP2fCjOR/wEAAKAyYu7/7TAT+R8AAAAqI+b++8JMapL/L3T/v/3y3fj8f/3/TP9f/1//X///POn/6/9n+v/n7GL350u8/vijiP6//j899Fv/P+b+3wkzqUn+BwAAgDqIuf/+MBP5HwAAAPrUw2d9iZj7Px1mIv8DAABAZcTc/5kwk5rk//J9/r/+v/6//r/+v/5/mej/6/93o/+v/1/m9fv8f/1/euu3/n/M/Q+EmdQk/wMAAEAdxNz/2TAT+R8AAAAqI+b+3w0zkf8BAACgMmLu/70wk5rkf/1//X/9f/1//X/9/5Wk/7+4/5+/hun/F/T/9f/LvH79f/1/euu3/n/M/Z8LM6lJ/gcAAIA6iLn/98NM5H8AAACojJj7/yDMRP4HAACAyoi5/8Ewk5rkf/1//X/9f/1//X/9/5Wk/+/z/7vR/9f/L/P69f/1/+mt3/r/Mfd/PsykJvkfAAAA6iDm/j8MM5H/AQAAoDJi7t8bZiL/AwAAQGXE3P9QmElN8r/+v/6//r/+v/6//v9K0v/X/+9G/1//v8zr1//X/6e3fuv/x9y/L8xkT+vNAAAAAOUVc/8Xwkxq8u//AAAAUAcx9+8PM5H/AQAAoDJi7j8QZlKT/K//r/+v/6//r/+v/7+S9P/1/7vR/9f/L/P69f/1/+mt3/r/MfdPh5nUJP8DAABAHcTcfzDMRP4HAACAyoi5/1CYifwPAAAAlRFz/8NhJjXJ//r/+v/6/7Xt/7/yvbZ16v/r/68E/X/9/270//X/y7x+/X/9f3rrt/5/zP2Hw0xqkv8BAACgDmLu/2KYifwPAAAAlRFz/5fCTOR/AAAAqIyY+4+EmdQk/+v/6//r/9e2/7+8z/9fs3C7+v/6/+dC/1//vxv9f/3/Mq9f/1//n976rf8fc//RMJOa5H8AAACog5j7j4WZyP8AAABQGTH3Hw8zkf8BAACgMmLuPxFmUpP8r/9/dv3/gSW6gfr/ndev/1+B/n8T/X/9/3Oh/6//343+v/5/mdev/6//T2/91v+Puf+Pwkxqkv8BAACgDmLuPxlmIv8DAABAZcTcPxNmIv8DAABAZcTcPxtmUpP8r//v8//1//X/9f/1/1eS/r/+fzf6//r/ZV6//r/+P731W/8/5v5TYSY1yf8A8P/s3XeuXlfVx/HndV6Do4g5RMyAETAExoCEGAK9JPTQIfTeQm+hQ+i99x56b4HQqwTK9Vor2Nx7zrV9H3ufvT6fP7LCDSg7SpD4yXx1AAA6yN1/v7jF/gcAAIBp5O6/f9xi/wMAAMA0cvc/IG5psv/1//p//b/+X/+v/98n/b/+f4n+X/+/5ffr//X/rBut/8/d/8C4pcn+BwAAgA5y9z8obrH/AQAAYBq5+x8ct9j/AAAAMI3c/Q+JW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/c/NG5psv8BAACgg9z9D4tb7H8AAACYRu7+h8ct9j8AAABMI3f/dXFLk/2v/9f/6/832P//v/5f/78d+n/9/xL9v/5/y+/X/+v/WTda/5+7//q4pcn+BwAAgA5y9z8ibrH/AQAAYHPuft/Df567/5Fxi/0PAAAA08jd/6i4pcn+1//r//X/G+z/ff9f/78h+n/9/xL9v/5/y+/X/+v/WTda/5+7/9FxS5P9DwAAAB3k7n9M3GL/AwAAwDRy9z82brH/AQAAYOtO5+/k7n9c3NJk/+v/9f/6f/2//l//v0/6f/3/Ev2//n/L79f/6/9Zt/f+/143HNzj9v+5+2+IW5rsfwAAAOggd//j4xb7HwAAAKaRu/8JcYv9DwAAANPI3f/EuKXJ/tf/6//v7P///X/6f/2//v/On+v/T4b+X/+/RP+v/9/y+/X/+n/W7b3/X+n9z//XufufFLc02f8AAADQQe7+J8ct9j8AAABMI3f/U+IW+x8AAACmkbv/qXFLk/2v/9f/+/6//l//r//fJ/3/sP3/+f/VO5f+/1j0//r/o/r/ex7j/fp/Ohit/8/d/7S4pcn+BwAAgA5y9z89brH/AQAAYBq5+2+MW+x/AAAAmEbu/mfELU32v/5f/6//1/+f2/+fatn/3/Ez/f9+6P+H7f+X6f+PRf+v//f9f/0/y0br/3P3PzNuabL/AQAAoIPc/c+KW+x/AAAAmEbu/mfHLfY/AAAATCN3/3Pilib7X/+v/9f/6/8v6fv/V83R//v+//7o//X/S/T/+v8tv1//r/9n3Wj9f+7+58YtTfY/AAAATO/Urnb/8+IW+x8AAACmkbv/+XGL/Q8AAADTyN3/grilyf7X/+v/9f/6/0vq/yf5/r/+f3/0//r/Jcft/3f6//pr0f+P8379v/6fdaP1/7n7Xxi3NNn/AAAA0EHu/hfFLfY/AAAATCN3/4vjFvsfAAAAppG7/yVxS5P9r//X/+v/9f/6f/3/Pun/9f9LfP9f/7/l9+v/9f+sG63/z93/0rilyf4HAACADnL3vyxusf8BAABgGrn7Xx632P8AAAAwjdz9r4hbzt//py7nqy4f/b/+X/+v/9f/6//3Sf+v/1+i/z+8/z9zxJ9P/z/W+/X/+n/Wjdb/5+6/KW7x6/8AAAAwjdz9r4xb7H8AAACYRu7+V8Ut9j8AAABMI3f/q+OWJvv/qP7/9mvO/nH9//Ho/w9/v/5f/6//1//r//X/S/T/vv+/5ffr//X/rBut/8/d/5q4pcn+BwAAgA5y9782brH/AQAAYBq5+18Xt9j/AAAAMI3c/a+PW5rs/5P//v+1+n/9v/4/rv5f/6//1//r/5fp//X/W36//l//z7rR+v/c/W+IW5rsfwAAAOggd/8b4xb7HwAAAKaRu/9NcYv9DwAAANPI3f/muKXJ/j/5/t/3//X/F9j/n9L/J/1//H3V/+v/L4D+X/+/0/9ftCvdz2/9/fp//T/rRuv/c/fffDD1+u1/AAAA6ODmg9+e2b0lbrH/AQAAYBq5+98at9j/AAAAMI3c/W+LW5rsf/2//v+K9/++/1/0//H3Vf+v/78A+n/9/07/f9GudD+/9ffr//X/rBut/8/d//a4pcn+BwAAgA5y978jbrH/AQAAYBqx+8/+n9/tfwAAAJjSOw9+e2b3rrilyf5v3P9fe6n9/9X/9fv6/8Pfr/8/kf7/5vP/2dP/6/+3RP+v/1+i/9f/b/n94/T/8YPr9P+MZ7T+P3f/u+OWJvsfAAAAOsjd/564xf4HAACAaeTuvyVusf8BAABgGrn73xu3NNn/jfv/Sb7/f+/b4gX6/3n7f9//j6v/1/8fRv8/Qf9/x//80v/Xn1//v533j9P/+/4/4xqt/8/d/764pcn+BwAAgA5y978/brH/AQAAYBq5+z8Qt9j/AAAAMI3c/R+MW5rsf/3/1vt/3//X/+v/9f9j0//r/5f4/r/+f8vv1//r/1k3Wv+fu/9DcUuT/Q8AAAAd5O7/cNxi/wMAAMA0cvd/JG6x/wEAAGAaufs/Grc02f/6f/3/vvr/O/4k+v8m/f/1+v+d/v9I+n/9/xL9v/5/y+/X/+v/WTda/5+7/2NxS5P9DwAAAB3k7v943GL/AwAAwDRy938ibrH/AQAAYBq5+z8ZN9zjblfuSSfr9BE/j95c/6//9/1//b/v/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/d/Km7x6/8AAAAwjdz9n45b7H8AAACYRu7+z8Qt9j8AAABMI3f/Z+OWJvtf/6//1/9vtv+/Wv9/7vv1/2PS/+v/l+j/9f9bfv+x+/9bD//P6//pYLT+P3f/5+KWJvsfAAAAOsjd//m4xf4HAACAaeTu/0LcYv8DAADANHL3fzFuabL/9f/6f/3/Zvt/3/8/7/36/zHp//X/S/T/+v8tv9/3//X/rBut/8/d/6W4pcn+BwAAgA5y9385brH/AQAAYBq5+78St9j/AAAAMI3c/V+NW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/fp//T/rRuv/c/d/LW5psv8BAACgg9z9X49b7H8AAACYRu7+b8Qt9j8AAABMI3f/N+OWJvt/5v5/6d+m/z9L/6//3+n/9f97pv/X/y/R/+v/t/x+/b/+n3Wj9f+5+78VtzTZ/wAAANBB7v5vxy32PwAAAEwjd/+tcYv9DwAAANPI3f+duKXJ/p+5/1+i/z9L/6//3+n/9f97pv/X/y/R/+v/t/x+/b/+n3VXqP8/vTui/8/d/924pcn+BwAAgA5y938vbrH/AQAAYBq5+78ft9j/AAAAMI3c/T+IW+bZ//e5ZeEP6v9PvP8/+IdI/6//3+n/9f/6/wP6f/3/Ev2//n/L79f/6/9ZN9r3/3P3/zBumWf/AwAAQHu5+38Ut9j/AAAAMI3c/T+OW+x/AAAAmEbu/p/ELU32v/7f9//1/636/6t2+n/9/2Wm/9f/L9H/6/+3/H79v/6fdaP1/7n7fxq35PC75mL+KgEAAICR5O7/WdzS5Nf/AQAAoIPc/T+PW+x/AAAAmEbu/l/ELU32v/5f/6//b9X/+/6//v+y0//r/5fo//X/W35/9v/5z53+X//P/xqt/8/d/8u4pcn+BwAAgA5y9/8qbrH/AQAAYBq5+38dt9j/AAAAMI3c/b+JW5rsf/2//l//r//X/+v/90n/r/9fov/X/2/5/b7/r/9n3Wj9f+7+2+KWJvsfAAAAOsjd/9u4xf4HAACAaeTu/13cYv8DAADANHL33x63NNn/+n/9/5T9/131//p//f8o9P/6/yX6f/3/lt+v/9f/s260/j93/+/jlib7HwAAADrI3f+HuMX+BwAAgGnk7v9j3GL/AwAAwDRy9/8pbmmy//X/+v8L7/9P11/3sP2/7//r//X/w5i3/7+L/v+w/v/Mhb2/e/9/401nf6z/3+b79f/6f9aN1v/n7v9z3NJk/wMAAEAHufv/ErfY/wAAADCN3P1/jVvsfwAAAJhG7v6/xS1N9r/+X/8/5ff/9f/6f/3/MObt/33/3/f/ff9f/6//1/+zZrT+P3f/3+OWJvsfAAAAOsjd/4+4xf4HAACAaeTu/2fcYv8DAADANHL3/ytuabL/9f/6f/2//l//r//fJ/2//n+J/l//v+X36//1/6wbrf/P3f+fAAAA///vXi84")
r0 = syz_open_dev$MSR(&(0x7f0000000900), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, 0x0, 0xc000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x101042, 0x104)

7.111342553s ago: executing program 4 (id=113):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000080), 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
sendmsg$inet(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d000a847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

7.110371515s ago: executing program 2 (id=124):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x26100, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r2, 0x1)

6.505127933s ago: executing program 0 (id=114):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)

5.110689342s ago: executing program 4 (id=115):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42}, 0x48)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[@ANYBLOB="03020c"], 0xa, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)

4.776699389s ago: executing program 3 (id=116):
socket$kcm(0x10, 0x5, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x80010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
flistxattr(r2, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='personality\x00')
lseek(r3, 0x1000000, 0x0)

4.209869817s ago: executing program 0 (id=117):
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x20493859, 0x0, 0x0, 0x0, 0x5, 0xfeedcafe, 0x3, 0x7}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x0)
select(0x40, &(0x7f0000000400)={0x9, 0x3, 0x80000000, 0x8000000, 0x100000001, 0x201, 0x1}, 0x0, 0x0, 0x0)
close(0x3)
socket$inet6(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)

4.08183584s ago: executing program 2 (id=118):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0)

2.844033713s ago: executing program 4 (id=119):
ioperm(0x0, 0x8, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00'}, 0x10)
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104)
write$cgroup_netprio_ifpriomap(r2, 0x0, 0x0)

1.552202776s ago: executing program 2 (id=120):
syz_open_dev$dri(0x0, 0x1, 0xca000)
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r1 = socket(0x80000000000000a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x5b, 0x0)

1.269434705s ago: executing program 0 (id=121):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x5, 0x3)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, 0x0)
socket$key(0xf, 0x3, 0x2)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xfffffffffffffffe}, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2}, {{@in6=@remote, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff, 0xfffffff9}}, 0xe8)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
sendmmsg(r2, &(0x7f0000000180), 0x400000000000077, 0x7600)

0s ago: executing program 2 (id=122):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
listen(r5, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.242' (ED25519) to the list of known hosts.
[  100.399100][ T5841] cgroup: Unknown subsys name 'net'
[  100.545071][ T5841] cgroup: Unknown subsys name 'cpuset'
[  100.555326][ T5841] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  101.421878][   T44] cfg80211: failed to load regulatory.db
[  102.237077][ T5841] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  105.250992][ T5867] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  105.258785][ T5867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.266350][ T5863] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  105.275948][ T5867] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.276361][ T5872] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  105.283859][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  105.291255][ T5872] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  105.303208][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.305504][ T5872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  105.312204][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  105.326968][ T5872] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  105.334873][ T5871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  105.343156][ T5872] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  105.355194][ T5872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.364981][ T5872] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  105.426206][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  105.434033][ T5863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  105.443608][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  105.451089][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.458625][ T5862] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  105.466746][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  105.474528][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  105.483275][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  105.491653][ T5175] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  105.501808][ T5881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  105.518045][ T5881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  105.530269][ T5881] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  105.549979][ T5867] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  105.568900][ T5881] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  105.579685][ T5881] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  106.162436][ T5859] chnl_net:caif_netlink_parms(): no params data found
[  106.221379][ T5860] chnl_net:caif_netlink_parms(): no params data found
[  106.558321][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.565793][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.575391][ T5860] bridge_slave_0: entered allmulticast mode
[  106.583262][ T5860] bridge_slave_0: entered promiscuous mode
[  106.646196][ T5864] chnl_net:caif_netlink_parms(): no params data found
[  106.660666][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.667821][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.676103][ T5860] bridge_slave_1: entered allmulticast mode
[  106.684597][ T5860] bridge_slave_1: entered promiscuous mode
[  106.789718][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.797121][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.804439][ T5859] bridge_slave_0: entered allmulticast mode
[  106.811995][ T5859] bridge_slave_0: entered promiscuous mode
[  106.871960][ T5858] chnl_net:caif_netlink_parms(): no params data found
[  106.889097][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.898471][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.907833][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.915484][ T5859] bridge_slave_1: entered allmulticast mode
[  106.923125][ T5859] bridge_slave_1: entered promiscuous mode
[  106.991708][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.123517][ T5877] chnl_net:caif_netlink_parms(): no params data found
[  107.166807][ T5860] team0: Port device team_slave_0 added
[  107.175966][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.190406][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.207347][ T5868] chnl_net:caif_netlink_parms(): no params data found
[  107.219301][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.226885][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.234135][ T5864] bridge_slave_0: entered allmulticast mode
[  107.242388][ T5864] bridge_slave_0: entered promiscuous mode
[  107.258236][ T5860] team0: Port device team_slave_1 added
[  107.329366][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.337083][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.345041][ T5864] bridge_slave_1: entered allmulticast mode
[  107.353232][ T5864] bridge_slave_1: entered promiscuous mode
[  107.414236][ T5859] team0: Port device team_slave_0 added
[  107.420907][ T5872] Bluetooth: hci1: command tx timeout
[  107.499702][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.507097][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.533612][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.555086][ T5859] team0: Port device team_slave_1 added
[  107.580246][ T5872] Bluetooth: hci3: command tx timeout
[  107.580258][ T5867] Bluetooth: hci0: command tx timeout
[  107.587087][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.600670][ T5872] Bluetooth: hci2: command tx timeout
[  107.606855][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.614208][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.621495][ T5858] bridge_slave_0: entered allmulticast mode
[  107.629033][ T5858] bridge_slave_0: entered promiscuous mode
[  107.637257][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.644516][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.670504][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.680654][ T5867] Bluetooth: hci4: command tx timeout
[  107.686787][ T5872] Bluetooth: hci5: command tx timeout
[  107.723864][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.733327][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.740810][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.748005][ T5858] bridge_slave_1: entered allmulticast mode
[  107.757304][ T5858] bridge_slave_1: entered promiscuous mode
[  107.789977][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.796947][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.823938][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.837082][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.844390][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.870821][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.010649][ T5864] team0: Port device team_slave_0 added
[  108.021900][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.036100][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.045702][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.053587][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.061384][ T5877] bridge_slave_0: entered allmulticast mode
[  108.069095][ T5877] bridge_slave_0: entered promiscuous mode
[  108.078134][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.085349][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.092573][ T5877] bridge_slave_1: entered allmulticast mode
[  108.100515][ T5877] bridge_slave_1: entered promiscuous mode
[  108.157946][ T5864] team0: Port device team_slave_1 added
[  108.235600][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.242904][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.250166][ T5868] bridge_slave_0: entered allmulticast mode
[  108.257731][ T5868] bridge_slave_0: entered promiscuous mode
[  108.273954][ T5860] hsr_slave_0: entered promiscuous mode
[  108.280677][ T5860] hsr_slave_1: entered promiscuous mode
[  108.305333][ T5858] team0: Port device team_slave_0 added
[  108.314635][ T5858] team0: Port device team_slave_1 added
[  108.323811][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.349512][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.356792][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.364502][ T5868] bridge_slave_1: entered allmulticast mode
[  108.372267][ T5868] bridge_slave_1: entered promiscuous mode
[  108.432121][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.447399][ T5859] hsr_slave_0: entered promiscuous mode
[  108.454608][ T5859] hsr_slave_1: entered promiscuous mode
[  108.461069][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[  108.466871][ T5859] Cannot create hsr debugfs directory
[  108.513201][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.520609][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.546592][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.559561][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.566604][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.592655][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.673360][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.694788][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.702204][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.728373][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.758686][ T5877] team0: Port device team_slave_0 added
[  108.768151][ T5877] team0: Port device team_slave_1 added
[  108.794164][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.820992][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.827953][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.855163][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.934497][ T5868] team0: Port device team_slave_0 added
[  108.974805][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.981818][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.008770][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.045803][ T5868] team0: Port device team_slave_1 added
[  109.076281][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.083474][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.110110][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.209463][ T5864] hsr_slave_0: entered promiscuous mode
[  109.216021][ T5864] hsr_slave_1: entered promiscuous mode
[  109.222632][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[  109.228407][ T5864] Cannot create hsr debugfs directory
[  109.258844][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.266191][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.292246][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.373549][ T5858] hsr_slave_0: entered promiscuous mode
[  109.380281][ T5858] hsr_slave_1: entered promiscuous mode
[  109.386458][ T5858] debugfs: 'hsr0' already exists in 'hsr'
[  109.392334][ T5858] Cannot create hsr debugfs directory
[  109.406363][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.413356][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.439581][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.505414][ T5872] Bluetooth: hci1: command tx timeout
[  109.606196][ T5877] hsr_slave_0: entered promiscuous mode
[  109.613011][ T5877] hsr_slave_1: entered promiscuous mode
[  109.619236][ T5877] debugfs: 'hsr0' already exists in 'hsr'
[  109.625816][ T5877] Cannot create hsr debugfs directory
[  109.660095][ T5872] Bluetooth: hci3: command tx timeout
[  109.660448][ T5867] Bluetooth: hci0: command tx timeout
[  109.670313][ T5872] Bluetooth: hci2: command tx timeout
[  109.740070][ T5872] Bluetooth: hci5: command tx timeout
[  109.740416][ T5867] Bluetooth: hci4: command tx timeout
[  109.844452][ T5868] hsr_slave_0: entered promiscuous mode
[  109.851408][ T5868] hsr_slave_1: entered promiscuous mode
[  109.857641][ T5868] debugfs: 'hsr0' already exists in 'hsr'
[  109.863450][ T5868] Cannot create hsr debugfs directory
[  110.075199][ T5860] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  110.089617][ T5860] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  110.102019][ T5860] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  110.164016][ T5860] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  110.373058][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.406823][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.439650][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.452082][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.542429][ T5864] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  110.555350][ T5864] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  110.566677][ T5864] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  110.585490][ T5864] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  110.697217][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  110.716334][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  110.740799][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.758424][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  110.791074][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  110.871704][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[  110.896650][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.903945][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.918599][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.925803][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.004328][ T5877] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  111.036156][ T5877] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  111.049794][ T5877] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  111.071804][ T5877] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  111.168894][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.232679][ T5868] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  111.246652][ T5868] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  111.287731][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[  111.304871][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.313419][ T5868] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  111.338803][ T5868] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  111.382338][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.389512][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.476925][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[  111.499824][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.506996][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.554561][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.561757][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.580972][ T5867] Bluetooth: hci1: command tx timeout
[  111.616416][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.623653][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.668526][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.743989][ T5867] Bluetooth: hci0: command tx timeout
[  111.744093][ T5881] Bluetooth: hci3: command tx timeout
[  111.758613][ T5872] Bluetooth: hci2: command tx timeout
[  111.828150][ T5872] Bluetooth: hci5: command tx timeout
[  111.830340][ T5881] Bluetooth: hci4: command tx timeout
[  111.862270][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[  111.904957][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.923182][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.963102][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.970308][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.001160][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.008355][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.147466][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[  112.179099][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.267352][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.274533][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.375717][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.429271][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[  112.489198][ T5968] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.496368][ T5968] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.565540][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.572691][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.595895][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.603052][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.719209][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.793733][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.970252][ T5860] veth0_vlan: entered promiscuous mode
[  113.046773][ T5860] veth1_vlan: entered promiscuous mode
[  113.158619][ T5864] veth0_vlan: entered promiscuous mode
[  113.203380][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.224108][ T5859] veth0_vlan: entered promiscuous mode
[  113.303803][ T5864] veth1_vlan: entered promiscuous mode
[  113.327994][ T5859] veth1_vlan: entered promiscuous mode
[  113.447210][ T5860] veth0_macvtap: entered promiscuous mode
[  113.465575][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.493790][ T5859] veth0_macvtap: entered promiscuous mode
[  113.543629][ T5864] veth0_macvtap: entered promiscuous mode
[  113.554992][ T5860] veth1_macvtap: entered promiscuous mode
[  113.605402][ T5859] veth1_macvtap: entered promiscuous mode
[  113.619142][ T5864] veth1_macvtap: entered promiscuous mode
[  113.649193][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.665673][ T5881] Bluetooth: hci1: command tx timeout
[  113.689827][ T5858] veth0_vlan: entered promiscuous mode
[  113.749623][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.773117][ T5858] veth1_vlan: entered promiscuous mode
[  113.785707][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.811402][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.821083][ T5881] Bluetooth: hci0: command tx timeout
[  113.821713][ T5872] Bluetooth: hci2: command tx timeout
[  113.826494][ T5881] Bluetooth: hci3: command tx timeout
[  113.846600][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.877295][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.901846][ T5881] Bluetooth: hci4: command tx timeout
[  113.908235][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.915938][ T5881] Bluetooth: hci5: command tx timeout
[  113.986281][ T5868] veth0_vlan: entered promiscuous mode
[  113.995994][   T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.008729][   T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.036053][   T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.067700][   T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.077914][   T59] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.104099][   T59] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.113938][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.128548][ T5868] veth1_vlan: entered promiscuous mode
[  114.147362][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.156321][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.177433][ T5858] veth0_macvtap: entered promiscuous mode
[  114.195324][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.204301][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.221350][ T5858] veth1_macvtap: entered promiscuous mode
[  114.236731][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.402296][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.418540][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.435814][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.451039][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.459367][ T5877] veth0_vlan: entered promiscuous mode
[  114.479237][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.495636][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.528227][ T5877] veth1_vlan: entered promiscuous mode
[  114.549445][ T5868] veth0_macvtap: entered promiscuous mode
[  114.566547][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.575496][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.614108][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.628743][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.648111][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.670679][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.677411][ T5868] veth1_macvtap: entered promiscuous mode
[  114.748969][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.765011][ T5877] veth0_macvtap: entered promiscuous mode
[  114.766320][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.793118][ T5877] veth1_macvtap: entered promiscuous mode
[  114.833802][ T5968] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.853133][ T5968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.932403][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.949390][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.972013][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.007920][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.023106][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  115.039244][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.050062][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.067531][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.089237][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.189563][   T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.212206][   T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.234213][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.284847][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.314768][ T6001] loop0: detected capacity change from 0 to 8
[  115.322621][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.329677][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.358428][ T6001] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  115.371293][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.804771][ T6006] process 'syz.0.1' launched './file2' with NULL argv: empty string added
[  115.813937][ T6006] cramfs: Error -3 while decompressing!
[  115.819606][ T6006] cramfs: ffffffff9af1ed28(26)->ffff88806b11f000(4096)
[  115.826602][ T6006] cramfs: Error -3 while decompressing!
[  115.832325][ T6006] cramfs: ffffffff9af1ed42(26)->ffff88806b120000(4096)
[  115.839210][ T6006] cramfs: Error -3 while decompressing!
[  115.843151][ T6002] @: renamed from vlan0 (while UP)
[  115.844820][ T6006] cramfs: ffffffff9af1ed5c(16)->ffff88806b121000(4096)
[  115.856769][ T6006] cramfs: Error -3 while decompressing!
[  115.862384][ T6006] cramfs: ffffffff9af1ed28(26)->ffff88806b11f000(4096)
[  115.970278][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.970339][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.092174][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  116.422733][ T5882] udevd[5882]: incorrect cramfs checksum on /dev/loop0
[  116.504720][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.534181][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.680465][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.810093][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  116.818528][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  117.101331][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  117.109535][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  117.119114][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  117.219657][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  117.903447][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.693425][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.668671][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.054418][ T6036] loop5: detected capacity change from 0 to 2048
[  120.130373][ T6036] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  120.377377][ T6008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.408977][ T6008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.480119][ T6042] sctp: [Deprecated]: syz.3.13 (pid 6042) Use of struct sctp_assoc_value in delayed_ack socket option.
[  121.480119][ T6042] Use struct sctp_sack_info instead
[  122.453514][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.377698][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.741724][ T6050] tipc: Started in network mode
[  123.746692][ T6050] tipc: Node identity ac1414aa, cluster identity 4711
[  123.995152][ T6050] tipc: Enabled bearer <udp:syz2>, priority 10
[  124.010587][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.816402][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.140168][    T9] tipc: Node number set to 2886997162
[  126.132519][ T6062] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  132.318242][   T30] audit: type=1326 audit(1754408709.767:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6099 comm="syz.4.28" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc6fa38eb69 code=0x0
[  134.344295][ T6108] binder: 6107:6108 ioctl c0306201 200000000680 returned -14
[  134.448702][ T6111] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  140.500404][ T5962] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  140.956307][ T6162] =======================================================
[  140.956307][ T6162] WARNING: The mand mount option has been deprecated and
[  140.956307][ T6162]          and is ignored by this kernel. Remove the mand
[  140.956307][ T6162]          option from the mount to silence this warning.
[  140.956307][ T6162] =======================================================
[  142.543837][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  142.566276][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  142.740351][ T5962] usb 2-1: device descriptor read/all, error -71
[  143.199305][ T6183] loop4: detected capacity change from 0 to 32768
[  143.207026][ T6183] XFS: ikeep mount option is deprecated.
[  143.714636][ T6183] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.058646][ T6183] XFS (loop4): Ending clean mount
[  147.070628][ T6183] XFS (loop4): Quotacheck needed: Please wait.
[  147.918479][ T6183] XFS (loop4): Quotacheck: Done.
[  148.778764][ T5877] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  152.054219][ T6237] loop4: detected capacity change from 0 to 512
[  152.093471][ T6237] EXT4-fs: Ignoring removed orlov option
[  152.236038][ T6237] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  152.723445][ T6241] loop0: detected capacity change from 0 to 4096
[  152.743301][ T6237] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  152.910322][ T6237] EXT4-fs error (device loop4): ext4_iget_extra_inode:5103: inode #15: comm syz.4.57: corrupted in-inode xattr: e_value size too large
[  152.991868][ T6237] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.57: couldn't read orphan inode 15 (err -117)
[  153.149375][ T6237] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.062633][ T5877] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.320495][ T5872] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  155.329633][ T5872] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  155.341212][ T5872] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  155.349453][ T5872] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  155.357783][ T5872] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  155.825908][ T6263] netlink: 52 bytes leftover after parsing attributes in process `syz.3.64'.
[  156.547118][ T5872] Bluetooth: hci4: command 0x0405 tx timeout
[  157.431174][ T5881] Bluetooth: hci6: command tx timeout
[  159.071372][ T6255] chnl_net:caif_netlink_parms(): no params data found
[  159.972890][ T5881] Bluetooth: hci6: command tx timeout
[  161.600357][   T63] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.980420][ T5881] Bluetooth: hci6: command tx timeout
[  165.111712][ T5881] Bluetooth: hci6: command tx timeout
[  165.525936][ T6323] loop1: detected capacity change from 0 to 16
[  165.902728][ T6323] erofs (device loop1): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  165.917816][ T6323] erofs (device loop1): mounted with root inode @ nid 36.
[  165.943810][ T6323] syz.1.78: attempt to access beyond end of device
[  165.943810][ T6323] loop1: rw=0, sector=1152, nr_sectors = 257 limit=16
[  165.963004][ T6323] erofs (device loop1): read error -5 @ 0 of nid 36
[  166.207415][ T6322] loop3: detected capacity change from 0 to 512
[  166.446052][ T6322] EXT4-fs: Ignoring removed nomblk_io_submit option
[  166.458325][ T6322] EXT4-fs: Ignoring removed nomblk_io_submit option
[  166.465358][   T63] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.622327][ T6322] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  166.910880][ T6322] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  166.942430][ T6322] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  167.065986][ T6322] EXT4-fs (loop3): 1 truncate cleaned up
[  167.161745][ T6322] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.306062][ T6322] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #2: block 4: comm syz.3.80: lblock 0 mapped to illegal pblock 4 (length 1)
[  167.412849][ T6322] EXT4-fs (loop3): Remounting filesystem read-only
[  167.420411][ T6328] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  167.463088][ T6322] ext3: Unknown parameter '·[^Žœ6(Ÿ›áÛB‚xÀÁ‹ïƒ'Ótü±`Å•¸Å›É.0 q¡ã((+”Qjò¨;¼Ý)¥²E‚ò ßYÎéÔZ�À麿ґLI/Xã$u¯å;°²Va¬R&éFöχڱ&
òËUW?¬}H¦G¤ï8ãü©#wÿÝ›_;·[­+@m�VV´î¡z~/T˜U™½°—“‹1Qõ§Ã’AÈŒ&4Ï4%3ˆ5¨é—[vÝàâuóR/ö¾@ †Že�º#ï¨î´pö1ÊZ.^53c íìÿ„Fs3'
[  167.589556][ T6335] netlink: 76 bytes leftover after parsing attributes in process `syz.1.81'.
[  167.760871][   T63] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.818512][ T6322] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  168.367954][ T6340] netlink: 'syz.0.82': attribute type 2 has an invalid length.
[  168.511583][ T5864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.195269][   T63] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.740680][ T6255] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.747816][ T6255] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.820398][ T6255] bridge_slave_0: entered allmulticast mode
[  169.832410][ T6255] bridge_slave_0: entered promiscuous mode
[  169.853069][ T6255] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.896333][ T6255] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.909615][ T6255] bridge_slave_1: entered allmulticast mode
[  170.935072][ T6255] bridge_slave_1: entered promiscuous mode
[  172.632454][ T6255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.014207][ T6255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.063987][ T6255] team0: Port device team_slave_0 added
[  175.859705][ T6255] team0: Port device team_slave_1 added
[  179.412679][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  179.422697][ T6255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  179.473332][ T6255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.551465][ T6255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  179.578137][ T6255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  179.591034][ T6255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.594841][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  179.623647][ T6255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  180.056443][   T63] bridge_slave_1: left allmulticast mode
[  180.140906][   T63] bridge_slave_1: left promiscuous mode
[  180.188558][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.221748][    T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  180.232133][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  180.241974][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.266599][    T9] usb 2-1: can't set config #27, error -71
[  180.283598][    T9] usb 2-1: USB disconnect, device number 4
[  181.568827][   T63] bridge_slave_0: left allmulticast mode
[  181.638650][   T63] bridge_slave_0: left promiscuous mode
[  181.658923][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.017688][   T30] audit: type=1326 audit(1754408764.457:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6439 comm="syz.4.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6fa38eb69 code=0x7fc00000
[  187.397733][ T6461] loop3: detected capacity change from 0 to 32768
[  192.227772][ T6489] atomic_op ffff888028450998 conn xmit_atomic 0000000000000000
[  192.307935][ T5880] IPVS: starting estimator thread 0...
[  193.070092][ T6490] IPVS: using max 21 ests per chain, 50400 per kthread
[  194.653893][ T6503] ==================================================================
[  194.662002][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7401/0x84c0
[  194.669909][ T6503] Read of size 1 at addr ffff8880280c0330 by task syz.0.121/6503
[  194.677634][ T6503] 
[  194.679956][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.121 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  194.679997][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  194.680017][ T6503] Call Trace:
[  194.680029][ T6503]  <TASK>
[  194.680041][ T6503]  dump_stack_lvl+0x116/0x1f0
[  194.680079][ T6503]  print_report+0xcd/0x630
[  194.680108][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680149][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680187][ T6503]  ? __phys_addr+0xe8/0x180
[  194.680233][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  194.680265][ T6503]  kasan_report+0xe0/0x110
[  194.680295][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  194.680333][ T6503]  xfrm_state_find+0x7401/0x84c0
[  194.680364][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680409][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680456][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  194.680488][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680529][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680568][ T6503]  ? rcu_is_watching+0x12/0xc0
[  194.680627][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680666][ T6503]  ? trace_sched_exit_tp+0xd1/0x120
[  194.680715][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  194.680767][ T6503]  ? srso_alias_return_thunk+0xf4/0xfbef5
[  194.680810][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  194.680851][ T6503]  ? rcu_is_watching+0x12/0xc0
[  194.680891][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  194.680945][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.680984][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  194.681017][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.681056][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  194.681109][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.681148][ T6503]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  194.681207][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.681249][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  194.681291][ T6503]  ? rcu_is_watching+0x12/0xc0
[  194.681331][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  194.681384][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.681423][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  194.681470][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  194.681513][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  194.681553][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  194.681609][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  194.681642][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.681681][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  194.681742][ T6503]  xfrm_lookup_route+0x3b/0x200
[  194.681784][ T6503]  ip_route_output_flow+0x11e/0x150
[  194.681836][ T6503]  udp_sendmsg+0x1af9/0x2870
[  194.681877][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  194.681917][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  194.681954][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682000][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682043][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  194.682097][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682136][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  194.682177][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682219][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  194.682258][ T6503]  inet_sendmsg+0x105/0x140
[  194.682306][ T6503]  ____sys_sendmsg+0x973/0xc70
[  194.682350][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682389][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  194.682422][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  194.682467][ T6503]  ? find_held_lock+0x2b/0x80
[  194.682507][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682550][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  194.682595][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  194.682637][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682676][ T6503]  ? find_held_lock+0x2b/0x80
[  194.682728][ T6503]  __sys_sendmmsg+0x200/0x420
[  194.682763][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  194.682803][ T6503]  ? __pfx_do_futex+0x10/0x10
[  194.682854][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682904][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.682943][ T6503]  ? xfd_validate_state+0x61/0x180
[  194.682995][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  194.683028][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  194.683061][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  194.683099][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  194.683133][ T6503]  do_syscall_64+0xcd/0x4c0
[  194.683171][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.683204][ T6503] RIP: 0033:0x7f8debf8eb69
[  194.683228][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.683259][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  194.683290][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  194.683312][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  194.683333][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  194.683353][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  194.683373][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  194.683405][ T6503]  </TASK>
[  194.683416][ T6503] 
[  195.184783][ T6503] Allocated by task 6222:
[  195.189100][ T6503]  kasan_save_stack+0x33/0x60
[  195.193799][ T6503]  kasan_save_track+0x14/0x30
[  195.198501][ T6503]  __kasan_slab_alloc+0x89/0x90
[  195.203380][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  195.208862][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  195.213640][ T6503]  __find_acq_core+0xb59/0x2900
[  195.218488][ T6503]  xfrm_find_acq+0x7b/0xa0
[  195.222904][ T6503]  pfkey_getspi+0xa62/0xeb0
[  195.227419][ T6503]  pfkey_process+0x6dc/0x840
[  195.232014][ T6503]  pfkey_sendmsg+0x435/0x850
[  195.236621][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  195.241397][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  195.246076][ T6503]  __sys_sendmsg+0x16d/0x220
[  195.250670][ T6503]  do_syscall_64+0xcd/0x4c0
[  195.255184][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.261081][ T6503] 
[  195.263391][ T6503] Freed by task 5943:
[  195.267357][ T6503]  kasan_save_stack+0x33/0x60
[  195.272060][ T6503]  kasan_save_track+0x14/0x30
[  195.276755][ T6503]  kasan_save_free_info+0x3b/0x60
[  195.281785][ T6503]  __kasan_slab_free+0x51/0x70
[  195.286570][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  195.291352][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  195.296376][ T6503]  process_one_work+0x9cf/0x1b70
[  195.301317][ T6503]  worker_thread+0x6c8/0xf10
[  195.305911][ T6503]  kthread+0x3c5/0x780
[  195.309976][ T6503]  ret_from_fork+0x5d7/0x6f0
[  195.314564][ T6503]  ret_from_fork_asm+0x1a/0x30
[  195.319338][ T6503] 
[  195.321655][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  195.321655][ T6503]  which belongs to the cache xfrm_state of size 928
[  195.335624][ T6503] The buggy address is located 816 bytes inside of
[  195.335624][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  195.349434][ T6503] 
[  195.351758][ T6503] The buggy address belongs to the physical page:
[  195.358165][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  195.366935][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  195.375434][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  195.382978][ T6503] page_type: f5(slab)
[  195.386961][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  195.395548][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  195.404137][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  195.412814][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  195.421488][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  195.430164][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  195.438827][ T6503] page dumped because: kasan: bad access detected
[  195.445232][ T6503] page_owner tracks the page as allocated
[  195.450936][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  195.470060][ T6503]  post_alloc_hook+0x1c0/0x230
[  195.474849][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  195.480412][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  195.486327][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  195.491176][ T6503]  new_slab+0x247/0x330
[  195.495340][ T6503]  ___slab_alloc+0xcf2/0x1740
[  195.500025][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  195.505422][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  195.510819][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  195.515603][ T6503]  __find_acq_core+0xb59/0x2900
[  195.520451][ T6503]  xfrm_find_acq+0x7b/0xa0
[  195.524870][ T6503]  pfkey_getspi+0xa62/0xeb0
[  195.529377][ T6503]  pfkey_process+0x6dc/0x840
[  195.533969][ T6503]  pfkey_sendmsg+0x435/0x850
[  195.538561][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  195.543345][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  195.548021][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  195.554368][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  195.559589][ T6503]  qlist_free_all+0x4d/0x120
[  195.564209][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  195.569688][ T6503]  __kasan_slab_alloc+0x69/0x90
[  195.574558][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  195.579956][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  195.585253][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  195.590719][ T6503]  bpf_prog_load+0xe75/0x2490
[  195.595397][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  195.599814][ T6503]  __x64_sys_bpf+0x78/0xc0
[  195.604231][ T6503]  do_syscall_64+0xcd/0x4c0
[  195.608736][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.614627][ T6503] 
[  195.616935][ T6503] Memory state around the buggy address:
[  195.622550][ T6503]  ffff8880280c0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  195.630607][ T6503]  ffff8880280c0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  195.638660][ T6503] >ffff8880280c0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  195.646706][ T6503]                                      ^
[  195.652326][ T6503]  ffff8880280c0380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  195.660381][ T6503]  ffff8880280c0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  195.668429][ T6503] ==================================================================
[  196.027567][ T6503] Disabling lock debugging due to kernel taint
[  196.038561][ T6503] ==================================================================
[  196.046663][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x73e6/0x84c0
[  196.054573][ T6503] Read of size 2 at addr ffff8880280c0142 by task syz.0.121/6503
[  196.062295][ T6503] 
[  196.064625][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  196.064674][ T6503] Tainted: [B]=BAD_PAGE
[  196.064685][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  196.064704][ T6503] Call Trace:
[  196.064716][ T6503]  <TASK>
[  196.064728][ T6503]  dump_stack_lvl+0x116/0x1f0
[  196.064766][ T6503]  print_report+0xcd/0x630
[  196.064795][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.064836][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.064875][ T6503]  ? __phys_addr+0xe8/0x180
[  196.064921][ T6503]  ? xfrm_state_find+0x73e6/0x84c0
[  196.064953][ T6503]  kasan_report+0xe0/0x110
[  196.064983][ T6503]  ? xfrm_state_find+0x73e6/0x84c0
[  196.065020][ T6503]  xfrm_state_find+0x73e6/0x84c0
[  196.065052][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065096][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065142][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  196.065175][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065215][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065254][ T6503]  ? rcu_is_watching+0x12/0xc0
[  196.065295][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065333][ T6503]  ? trace_sched_exit_tp+0xd1/0x120
[  196.065382][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  196.065432][ T6503]  ? srso_alias_return_thunk+0xf4/0xfbef5
[  196.065475][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  196.065515][ T6503]  ? rcu_is_watching+0x12/0xc0
[  196.065555][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  196.065614][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065652][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  196.065686][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065724][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  196.065779][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065817][ T6503]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  196.065877][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.065918][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  196.065959][ T6503]  ? rcu_is_watching+0x12/0xc0
[  196.065999][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  196.066052][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066091][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  196.066137][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  196.066181][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  196.066223][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  196.066268][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  196.066303][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066346][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  196.066411][ T6503]  xfrm_lookup_route+0x3b/0x200
[  196.066456][ T6503]  ip_route_output_flow+0x11e/0x150
[  196.066513][ T6503]  udp_sendmsg+0x1af9/0x2870
[  196.066557][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  196.066601][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  196.066647][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066698][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066744][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  196.066804][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066847][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  196.066892][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.066938][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  196.066981][ T6503]  inet_sendmsg+0x105/0x140
[  196.067034][ T6503]  ____sys_sendmsg+0x973/0xc70
[  196.067082][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067125][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  196.067161][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  196.067209][ T6503]  ? find_held_lock+0x2b/0x80
[  196.067252][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067299][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  196.067336][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  196.067381][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067425][ T6503]  ? find_held_lock+0x2b/0x80
[  196.067481][ T6503]  __sys_sendmmsg+0x200/0x420
[  196.067520][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  196.067563][ T6503]  ? __pfx_do_futex+0x10/0x10
[  196.067627][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067682][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067725][ T6503]  ? xfd_validate_state+0x61/0x180
[  196.067783][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  196.067819][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  196.067855][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.067899][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  196.067937][ T6503]  do_syscall_64+0xcd/0x4c0
[  196.067978][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.068014][ T6503] RIP: 0033:0x7f8debf8eb69
[  196.068041][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.068076][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  196.068109][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  196.068134][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  196.068155][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  196.068175][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  196.068195][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  196.068225][ T6503]  </TASK>
[  196.068236][ T6503] 
[  196.574511][ T6503] Allocated by task 6222:
[  196.578830][ T6503]  kasan_save_stack+0x33/0x60
[  196.583542][ T6503]  kasan_save_track+0x14/0x30
[  196.588241][ T6503]  __kasan_slab_alloc+0x89/0x90
[  196.593108][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  196.598585][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  196.603365][ T6503]  __find_acq_core+0xb59/0x2900
[  196.608212][ T6503]  xfrm_find_acq+0x7b/0xa0
[  196.612632][ T6503]  pfkey_getspi+0xa62/0xeb0
[  196.617141][ T6503]  pfkey_process+0x6dc/0x840
[  196.621737][ T6503]  pfkey_sendmsg+0x435/0x850
[  196.626326][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  196.631097][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  196.635769][ T6503]  __sys_sendmsg+0x16d/0x220
[  196.640354][ T6503]  do_syscall_64+0xcd/0x4c0
[  196.644858][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.650750][ T6503] 
[  196.653058][ T6503] Freed by task 5943:
[  196.657021][ T6503]  kasan_save_stack+0x33/0x60
[  196.661713][ T6503]  kasan_save_track+0x14/0x30
[  196.666405][ T6503]  kasan_save_free_info+0x3b/0x60
[  196.671527][ T6503]  __kasan_slab_free+0x51/0x70
[  196.676311][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  196.681087][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  196.686120][ T6503]  process_one_work+0x9cf/0x1b70
[  196.691060][ T6503]  worker_thread+0x6c8/0xf10
[  196.695655][ T6503]  kthread+0x3c5/0x780
[  196.699720][ T6503]  ret_from_fork+0x5d7/0x6f0
[  196.704311][ T6503]  ret_from_fork_asm+0x1a/0x30
[  196.709080][ T6503] 
[  196.711387][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  196.711387][ T6503]  which belongs to the cache xfrm_state of size 928
[  196.725345][ T6503] The buggy address is located 322 bytes inside of
[  196.725345][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  196.739138][ T6503] 
[  196.741445][ T6503] The buggy address belongs to the physical page:
[  196.747930][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  196.756683][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  196.765175][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  196.772711][ T6503] page_type: f5(slab)
[  196.776690][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  196.785271][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  196.793856][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  196.802551][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  196.811219][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  196.819890][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  196.828553][ T6503] page dumped because: kasan: bad access detected
[  196.834954][ T6503] page_owner tracks the page as allocated
[  196.840665][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  196.859802][ T6503]  post_alloc_hook+0x1c0/0x230
[  196.864601][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  196.870171][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  196.876083][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  196.880933][ T6503]  new_slab+0x247/0x330
[  196.885098][ T6503]  ___slab_alloc+0xcf2/0x1740
[  196.889786][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  196.895182][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  196.900574][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  196.905362][ T6503]  __find_acq_core+0xb59/0x2900
[  196.910216][ T6503]  xfrm_find_acq+0x7b/0xa0
[  196.914631][ T6503]  pfkey_getspi+0xa62/0xeb0
[  196.919140][ T6503]  pfkey_process+0x6dc/0x840
[  196.923736][ T6503]  pfkey_sendmsg+0x435/0x850
[  196.928327][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  196.933101][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  196.937776][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  196.944089][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  196.949311][ T6503]  qlist_free_all+0x4d/0x120
[  196.953944][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  196.959420][ T6503]  __kasan_slab_alloc+0x69/0x90
[  196.964289][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  196.969674][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  196.974957][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  196.980423][ T6503]  bpf_prog_load+0xe75/0x2490
[  196.985105][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  196.989533][ T6503]  __x64_sys_bpf+0x78/0xc0
[  196.993980][ T6503]  do_syscall_64+0xcd/0x4c0
[  196.998497][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.004402][ T6503] 
[  197.006720][ T6503] Memory state around the buggy address:
[  197.012342][ T6503]  ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  197.020401][ T6503]  ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  197.028460][ T6503] >ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  197.036513][ T6503]                                            ^
[  197.042657][ T6503]  ffff8880280c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  197.050721][ T6503]  ffff8880280c0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  197.058773][ T6503] ==================================================================
[  197.517967][ T6503] ==================================================================
[  197.526077][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7356/0x84c0
[  197.533985][ T6503] Read of size 4 at addr ffff8880280c00c4 by task syz.0.121/6503
[  197.541702][ T6503] 
[  197.544030][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  197.544079][ T6503] Tainted: [B]=BAD_PAGE
[  197.544091][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  197.544110][ T6503] Call Trace:
[  197.544122][ T6503]  <TASK>
[  197.544135][ T6503]  dump_stack_lvl+0x116/0x1f0
[  197.544174][ T6503]  print_report+0xcd/0x630
[  197.544203][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544243][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544282][ T6503]  ? __phys_addr+0xe8/0x180
[  197.544327][ T6503]  ? xfrm_state_find+0x7356/0x84c0
[  197.544360][ T6503]  kasan_report+0xe0/0x110
[  197.544390][ T6503]  ? xfrm_state_find+0x7356/0x84c0
[  197.544427][ T6503]  xfrm_state_find+0x7356/0x84c0
[  197.544459][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544504][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544551][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  197.544584][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544625][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544664][ T6503]  ? rcu_is_watching+0x12/0xc0
[  197.544705][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.544744][ T6503]  ? trace_sched_exit_tp+0xd1/0x120
[  197.544793][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  197.544849][ T6503]  ? srso_alias_return_thunk+0xf4/0xfbef5
[  197.544891][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  197.544933][ T6503]  ? rcu_is_watching+0x12/0xc0
[  197.544973][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  197.545028][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545067][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  197.545100][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545139][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  197.545193][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545232][ T6503]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  197.545292][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545334][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  197.545374][ T6503]  ? rcu_is_watching+0x12/0xc0
[  197.545415][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  197.545468][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545507][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  197.545554][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  197.545597][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  197.545638][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  197.545679][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  197.545712][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.545751][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  197.545811][ T6503]  xfrm_lookup_route+0x3b/0x200
[  197.545857][ T6503]  ip_route_output_flow+0x11e/0x150
[  197.545909][ T6503]  udp_sendmsg+0x1af9/0x2870
[  197.545950][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  197.545989][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  197.546026][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546072][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546115][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  197.546169][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546208][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  197.546249][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546291][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  197.546329][ T6503]  inet_sendmsg+0x105/0x140
[  197.546378][ T6503]  ____sys_sendmsg+0x973/0xc70
[  197.546421][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546460][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  197.546494][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  197.546539][ T6503]  ? find_held_lock+0x2b/0x80
[  197.546579][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546623][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  197.546656][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  197.546697][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546737][ T6503]  ? find_held_lock+0x2b/0x80
[  197.546788][ T6503]  __sys_sendmmsg+0x200/0x420
[  197.546823][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  197.546865][ T6503]  ? __pfx_do_futex+0x10/0x10
[  197.546916][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.546966][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.547005][ T6503]  ? xfd_validate_state+0x61/0x180
[  197.547057][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  197.547090][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  197.547123][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  197.547162][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  197.547195][ T6503]  do_syscall_64+0xcd/0x4c0
[  197.547233][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.547266][ T6503] RIP: 0033:0x7f8debf8eb69
[  197.547290][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.547322][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  197.547353][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  197.547375][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  197.547396][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  197.547416][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  197.547436][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  197.547467][ T6503]  </TASK>
[  197.547478][ T6503] 
[  198.053588][ T6503] Allocated by task 6222:
[  198.057911][ T6503]  kasan_save_stack+0x33/0x60
[  198.062615][ T6503]  kasan_save_track+0x14/0x30
[  198.067313][ T6503]  __kasan_slab_alloc+0x89/0x90
[  198.072182][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  198.077664][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  198.082440][ T6503]  __find_acq_core+0xb59/0x2900
[  198.087287][ T6503]  xfrm_find_acq+0x7b/0xa0
[  198.091698][ T6503]  pfkey_getspi+0xa62/0xeb0
[  198.096206][ T6503]  pfkey_process+0x6dc/0x840
[  198.100800][ T6503]  pfkey_sendmsg+0x435/0x850
[  198.105391][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  198.110166][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  198.114846][ T6503]  __sys_sendmsg+0x16d/0x220
[  198.119450][ T6503]  do_syscall_64+0xcd/0x4c0
[  198.123962][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.129902][ T6503] 
[  198.132211][ T6503] Freed by task 5943:
[  198.136185][ T6503]  kasan_save_stack+0x33/0x60
[  198.140887][ T6503]  kasan_save_track+0x14/0x30
[  198.145580][ T6503]  kasan_save_free_info+0x3b/0x60
[  198.150614][ T6503]  __kasan_slab_free+0x51/0x70
[  198.155398][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  198.160179][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  198.165205][ T6503]  process_one_work+0x9cf/0x1b70
[  198.170147][ T6503]  worker_thread+0x6c8/0xf10
[  198.174745][ T6503]  kthread+0x3c5/0x780
[  198.178812][ T6503]  ret_from_fork+0x5d7/0x6f0
[  198.183399][ T6503]  ret_from_fork_asm+0x1a/0x30
[  198.188170][ T6503] 
[  198.190480][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  198.190480][ T6503]  which belongs to the cache xfrm_state of size 928
[  198.204447][ T6503] The buggy address is located 196 bytes inside of
[  198.204447][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  198.218253][ T6503] 
[  198.220579][ T6503] The buggy address belongs to the physical page:
[  198.226986][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  198.235745][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  198.244246][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  198.251789][ T6503] page_type: f5(slab)
[  198.255769][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  198.264355][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  198.272948][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  198.281628][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  198.290304][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  198.298983][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  198.307651][ T6503] page dumped because: kasan: bad access detected
[  198.314060][ T6503] page_owner tracks the page as allocated
[  198.319765][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  198.338918][ T6503]  post_alloc_hook+0x1c0/0x230
[  198.343714][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  198.349287][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  198.355203][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  198.360056][ T6503]  new_slab+0x247/0x330
[  198.364221][ T6503]  ___slab_alloc+0xcf2/0x1740
[  198.368909][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  198.374294][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  198.379687][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  198.384498][ T6503]  __find_acq_core+0xb59/0x2900
[  198.389349][ T6503]  xfrm_find_acq+0x7b/0xa0
[  198.393852][ T6503]  pfkey_getspi+0xa62/0xeb0
[  198.398370][ T6503]  pfkey_process+0x6dc/0x840
[  198.402967][ T6503]  pfkey_sendmsg+0x435/0x850
[  198.407567][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  198.412348][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  198.417030][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  198.423345][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  198.428558][ T6503]  qlist_free_all+0x4d/0x120
[  198.433171][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  198.438649][ T6503]  __kasan_slab_alloc+0x69/0x90
[  198.443524][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  198.448918][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  198.454205][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  198.459674][ T6503]  bpf_prog_load+0xe75/0x2490
[  198.464364][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  198.468834][ T6503]  __x64_sys_bpf+0x78/0xc0
[  198.473258][ T6503]  do_syscall_64+0xcd/0x4c0
[  198.477773][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.483674][ T6503] 
[  198.485985][ T6503] Memory state around the buggy address:
[  198.491606][ T6503]  ffff8880280bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  198.499663][ T6503]  ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.507728][ T6503] >ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.515783][ T6503]                                            ^
[  198.521930][ T6503]  ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.530003][ T6503]  ffff8880280c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.538065][ T6503] ==================================================================
[  198.565806][ T6503] ==================================================================
[  198.573911][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7c3d/0x84c0
[  198.581821][ T6503] Read of size 8 at addr ffff8880280c0028 by task syz.0.121/6503
[  198.589573][ T6503] 
[  198.591930][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  198.591982][ T6503] Tainted: [B]=BAD_PAGE
[  198.591994][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  198.592014][ T6503] Call Trace:
[  198.592026][ T6503]  <TASK>
[  198.592039][ T6503]  dump_stack_lvl+0x116/0x1f0
[  198.592078][ T6503]  print_report+0xcd/0x630
[  198.592108][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592149][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592188][ T6503]  ? __phys_addr+0xe8/0x180
[  198.592234][ T6503]  ? xfrm_state_find+0x7c3d/0x84c0
[  198.592267][ T6503]  kasan_report+0xe0/0x110
[  198.592297][ T6503]  ? xfrm_state_find+0x7c3d/0x84c0
[  198.592335][ T6503]  xfrm_state_find+0x7c3d/0x84c0
[  198.592367][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592412][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592458][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  198.592491][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592533][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592572][ T6503]  ? rcu_is_watching+0x12/0xc0
[  198.592613][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592653][ T6503]  ? trace_sched_exit_tp+0xd1/0x120
[  198.592702][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  198.592753][ T6503]  ? srso_alias_return_thunk+0xf4/0xfbef5
[  198.592796][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  198.592837][ T6503]  ? rcu_is_watching+0x12/0xc0
[  198.592883][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  198.592938][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.592978][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  198.593010][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593050][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  198.593104][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593144][ T6503]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  198.593204][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593246][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  198.593286][ T6503]  ? rcu_is_watching+0x12/0xc0
[  198.593327][ T6503]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  198.593381][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593420][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  198.593467][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  198.593510][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  198.593553][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  198.593594][ T6503]  ? __rcu_read_unlock+0x2bc/0x620
[  198.593628][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593667][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  198.593727][ T6503]  xfrm_lookup_route+0x3b/0x200
[  198.593770][ T6503]  ip_route_output_flow+0x11e/0x150
[  198.593822][ T6503]  udp_sendmsg+0x1af9/0x2870
[  198.593862][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  198.593907][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  198.593944][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.593990][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594033][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  198.594087][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594126][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  198.594167][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594209][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  198.594248][ T6503]  inet_sendmsg+0x105/0x140
[  198.594297][ T6503]  ____sys_sendmsg+0x973/0xc70
[  198.594341][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594380][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  198.594413][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.594458][ T6503]  ? find_held_lock+0x2b/0x80
[  198.594499][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594542][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  198.594576][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.594617][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594657][ T6503]  ? find_held_lock+0x2b/0x80
[  198.594708][ T6503]  __sys_sendmmsg+0x200/0x420
[  198.594743][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  198.594783][ T6503]  ? __pfx_do_futex+0x10/0x10
[  198.594834][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594888][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.594927][ T6503]  ? xfd_validate_state+0x61/0x180
[  198.594980][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  198.595013][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  198.595046][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.595085][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  198.595118][ T6503]  do_syscall_64+0xcd/0x4c0
[  198.595156][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.595189][ T6503] RIP: 0033:0x7f8debf8eb69
[  198.595214][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.595246][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  198.595277][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  198.595299][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  198.595320][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  198.595341][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  198.595361][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  198.595392][ T6503]  </TASK>
[  198.595403][ T6503] 
[  199.101536][ T6503] Allocated by task 6222:
[  199.105868][ T6503]  kasan_save_stack+0x33/0x60
[  199.110568][ T6503]  kasan_save_track+0x14/0x30
[  199.115265][ T6503]  __kasan_slab_alloc+0x89/0x90
[  199.120138][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  199.125619][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  199.130397][ T6503]  __find_acq_core+0xb59/0x2900
[  199.135246][ T6503]  xfrm_find_acq+0x7b/0xa0
[  199.139664][ T6503]  pfkey_getspi+0xa62/0xeb0
[  199.144194][ T6503]  pfkey_process+0x6dc/0x840
[  199.148796][ T6503]  pfkey_sendmsg+0x435/0x850
[  199.153397][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  199.158172][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  199.162856][ T6503]  __sys_sendmsg+0x16d/0x220
[  199.167461][ T6503]  do_syscall_64+0xcd/0x4c0
[  199.171984][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.177883][ T6503] 
[  199.180191][ T6503] Freed by task 5943:
[  199.184159][ T6503]  kasan_save_stack+0x33/0x60
[  199.188872][ T6503]  kasan_save_track+0x14/0x30
[  199.193584][ T6503]  kasan_save_free_info+0x3b/0x60
[  199.198636][ T6503]  __kasan_slab_free+0x51/0x70
[  199.203422][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  199.208204][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  199.213231][ T6503]  process_one_work+0x9cf/0x1b70
[  199.218172][ T6503]  worker_thread+0x6c8/0xf10
[  199.222767][ T6503]  kthread+0x3c5/0x780
[  199.226836][ T6503]  ret_from_fork+0x5d7/0x6f0
[  199.231425][ T6503]  ret_from_fork_asm+0x1a/0x30
[  199.236197][ T6503] 
[  199.238505][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  199.238505][ T6503]  which belongs to the cache xfrm_state of size 928
[  199.252520][ T6503] The buggy address is located 40 bytes inside of
[  199.252520][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  199.266265][ T6503] 
[  199.268582][ T6503] The buggy address belongs to the physical page:
[  199.274994][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  199.283757][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  199.292257][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  199.299801][ T6503] page_type: f5(slab)
[  199.303783][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  199.312377][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  199.320974][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  199.329684][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  199.338384][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  199.347065][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  199.355738][ T6503] page dumped because: kasan: bad access detected
[  199.362143][ T6503] page_owner tracks the page as allocated
[  199.367846][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  199.386970][ T6503]  post_alloc_hook+0x1c0/0x230
[  199.391760][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  199.397328][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  199.403246][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  199.408096][ T6503]  new_slab+0x247/0x330
[  199.412259][ T6503]  ___slab_alloc+0xcf2/0x1740
[  199.416946][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  199.422328][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  199.427722][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  199.432501][ T6503]  __find_acq_core+0xb59/0x2900
[  199.437355][ T6503]  xfrm_find_acq+0x7b/0xa0
[  199.441771][ T6503]  pfkey_getspi+0xa62/0xeb0
[  199.446283][ T6503]  pfkey_process+0x6dc/0x840
[  199.450892][ T6503]  pfkey_sendmsg+0x435/0x850
[  199.455499][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  199.460277][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  199.464961][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  199.471285][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  199.476499][ T6503]  qlist_free_all+0x4d/0x120
[  199.481103][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  199.486581][ T6503]  __kasan_slab_alloc+0x69/0x90
[  199.491455][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  199.496844][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  199.502133][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  199.507601][ T6503]  bpf_prog_load+0xe75/0x2490
[  199.512370][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  199.516795][ T6503]  __x64_sys_bpf+0x78/0xc0
[  199.521221][ T6503]  do_syscall_64+0xcd/0x4c0
[  199.525785][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.531691][ T6503] 
[  199.534005][ T6503] Memory state around the buggy address:
[  199.539624][ T6503]  ffff8880280bff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  199.547687][ T6503]  ffff8880280bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  199.555760][ T6503] >ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  199.563823][ T6503]                                   ^
[  199.569269][ T6503]  ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  199.577330][ T6503]  ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  199.585390][ T6503] ==================================================================
[  199.619685][ T6503] ==================================================================
[  199.627785][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7401/0x84c0
[  199.635702][ T6503] Read of size 1 at addr ffff8880280c0330 by task syz.0.121/6503
[  199.643425][ T6503] 
[  199.645755][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  199.645806][ T6503] Tainted: [B]=BAD_PAGE
[  199.645818][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.645837][ T6503] Call Trace:
[  199.645852][ T6503]  <TASK>
[  199.645864][ T6503]  dump_stack_lvl+0x116/0x1f0
[  199.645903][ T6503]  print_report+0xcd/0x630
[  199.645932][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.645972][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646011][ T6503]  ? __phys_addr+0xe8/0x180
[  199.646057][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  199.646089][ T6503]  kasan_report+0xe0/0x110
[  199.646119][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  199.646157][ T6503]  xfrm_state_find+0x7401/0x84c0
[  199.646189][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646228][ T6503]  ? arch_stack_walk+0xa6/0x100
[  199.646277][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  199.646310][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646352][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646394][ T6503]  ? rcu_is_watching+0x12/0xc0
[  199.646435][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646477][ T6503]  ? lock_release+0x201/0x2f0
[  199.646527][ T6503]  ? bpf_ksym_find+0x124/0x1c0
[  199.646568][ T6503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  199.646620][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  199.646675][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  199.646714][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646753][ T6503]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  199.646793][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646832][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  199.646891][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.646930][ T6503]  ? ref_tracker_alloc+0x305/0x5b0
[  199.646973][ T6503]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  199.647015][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647054][ T6503]  ? rcu_is_watching+0x12/0xc0
[  199.647096][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647147][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647187][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647226][ T6503]  ? dst_alloc+0xc0/0x1a0
[  199.647275][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647314][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  199.647361][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  199.647402][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647443][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  199.647483][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  199.647527][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647566][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  199.647619][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647665][ T6503]  xfrm_lookup_route+0x3b/0x200
[  199.647707][ T6503]  ip_route_output_flow+0x11e/0x150
[  199.647759][ T6503]  udp_sendmsg+0x1af9/0x2870
[  199.647799][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  199.647842][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  199.647879][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647925][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.647967][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  199.648021][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648060][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  199.648100][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648143][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  199.648181][ T6503]  inet_sendmsg+0x105/0x140
[  199.648229][ T6503]  ____sys_sendmsg+0x973/0xc70
[  199.648272][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648312][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  199.648345][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  199.648390][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648429][ T6503]  ? kfree+0x24f/0x4d0
[  199.648470][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648514][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  199.648547][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  199.648588][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648627][ T6503]  ? find_held_lock+0x2b/0x80
[  199.648674][ T6503]  ? __pfx___might_resched+0x10/0x10
[  199.648720][ T6503]  __sys_sendmmsg+0x200/0x420
[  199.648755][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  199.648794][ T6503]  ? __pfx_do_futex+0x10/0x10
[  199.648851][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648900][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.648939][ T6503]  ? xfd_validate_state+0x61/0x180
[  199.648992][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  199.649025][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  199.649057][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  199.649096][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  199.649130][ T6503]  do_syscall_64+0xcd/0x4c0
[  199.649168][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.649202][ T6503] RIP: 0033:0x7f8debf8eb69
[  199.649227][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.649258][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  199.649289][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  199.649311][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  199.649332][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  199.649352][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  199.649372][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  199.649403][ T6503]  </TASK>
[  199.649414][ T6503] 
[  200.181344][ T6503] Allocated by task 6222:
[  200.185660][ T6503]  kasan_save_stack+0x33/0x60
[  200.190356][ T6503]  kasan_save_track+0x14/0x30
[  200.195052][ T6503]  __kasan_slab_alloc+0x89/0x90
[  200.199919][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  200.205392][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  200.210166][ T6503]  __find_acq_core+0xb59/0x2900
[  200.215011][ T6503]  xfrm_find_acq+0x7b/0xa0
[  200.219420][ T6503]  pfkey_getspi+0xa62/0xeb0
[  200.223931][ T6503]  pfkey_process+0x6dc/0x840
[  200.228528][ T6503]  pfkey_sendmsg+0x435/0x850
[  200.233118][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  200.237891][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  200.242573][ T6503]  __sys_sendmsg+0x16d/0x220
[  200.247158][ T6503]  do_syscall_64+0xcd/0x4c0
[  200.251662][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.257557][ T6503] 
[  200.259868][ T6503] Freed by task 5943:
[  200.263837][ T6503]  kasan_save_stack+0x33/0x60
[  200.268537][ T6503]  kasan_save_track+0x14/0x30
[  200.273230][ T6503]  kasan_save_free_info+0x3b/0x60
[  200.278262][ T6503]  __kasan_slab_free+0x51/0x70
[  200.283041][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  200.287828][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  200.292852][ T6503]  process_one_work+0x9cf/0x1b70
[  200.297794][ T6503]  worker_thread+0x6c8/0xf10
[  200.302381][ T6503]  kthread+0x3c5/0x780
[  200.306443][ T6503]  ret_from_fork+0x5d7/0x6f0
[  200.311026][ T6503]  ret_from_fork_asm+0x1a/0x30
[  200.315796][ T6503] 
[  200.318105][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  200.318105][ T6503]  which belongs to the cache xfrm_state of size 928
[  200.332082][ T6503] The buggy address is located 816 bytes inside of
[  200.332082][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  200.345883][ T6503] 
[  200.348196][ T6503] The buggy address belongs to the physical page:
[  200.354588][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  200.363342][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  200.371835][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  200.379386][ T6503] page_type: f5(slab)
[  200.383362][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  200.391942][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  200.400524][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  200.409192][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  200.417865][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  200.426534][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  200.435190][ T6503] page dumped because: kasan: bad access detected
[  200.441591][ T6503] page_owner tracks the page as allocated
[  200.447294][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  200.466409][ T6503]  post_alloc_hook+0x1c0/0x230
[  200.471198][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  200.476774][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  200.482689][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  200.487538][ T6503]  new_slab+0x247/0x330
[  200.491704][ T6503]  ___slab_alloc+0xcf2/0x1740
[  200.496387][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  200.501765][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  200.507150][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  200.511921][ T6503]  __find_acq_core+0xb59/0x2900
[  200.516767][ T6503]  xfrm_find_acq+0x7b/0xa0
[  200.521175][ T6503]  pfkey_getspi+0xa62/0xeb0
[  200.525681][ T6503]  pfkey_process+0x6dc/0x840
[  200.530270][ T6503]  pfkey_sendmsg+0x435/0x850
[  200.534862][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  200.539638][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  200.544310][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  200.550626][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  200.555832][ T6503]  qlist_free_all+0x4d/0x120
[  200.560433][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  200.565907][ T6503]  __kasan_slab_alloc+0x69/0x90
[  200.570801][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  200.576186][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  200.581474][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  200.586940][ T6503]  bpf_prog_load+0xe75/0x2490
[  200.591622][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  200.596042][ T6503]  __x64_sys_bpf+0x78/0xc0
[  200.600633][ T6503]  do_syscall_64+0xcd/0x4c0
[  200.605137][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.611028][ T6503] 
[  200.613335][ T6503] Memory state around the buggy address:
[  200.618952][ T6503]  ffff8880280c0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.627009][ T6503]  ffff8880280c0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.635064][ T6503] >ffff8880280c0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  200.643210][ T6503]                                      ^
[  200.648841][ T6503]  ffff8880280c0380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  200.656901][ T6503]  ffff8880280c0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  200.664973][ T6503] ==================================================================
[  200.754228][ T6503] ==================================================================
[  200.762330][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x73e6/0x84c0
[  200.770234][ T6503] Read of size 2 at addr ffff8880280c0142 by task syz.0.121/6503
[  200.777950][ T6503] 
[  200.780277][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  200.780328][ T6503] Tainted: [B]=BAD_PAGE
[  200.780339][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  200.780358][ T6503] Call Trace:
[  200.780369][ T6503]  <TASK>
[  200.780380][ T6503]  dump_stack_lvl+0x116/0x1f0
[  200.780418][ T6503]  print_report+0xcd/0x630
[  200.780447][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780487][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780526][ T6503]  ? __phys_addr+0xe8/0x180
[  200.780571][ T6503]  ? xfrm_state_find+0x73e6/0x84c0
[  200.780603][ T6503]  kasan_report+0xe0/0x110
[  200.780639][ T6503]  ? xfrm_state_find+0x73e6/0x84c0
[  200.780676][ T6503]  xfrm_state_find+0x73e6/0x84c0
[  200.780708][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780747][ T6503]  ? arch_stack_walk+0xa6/0x100
[  200.780796][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  200.780829][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780870][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780912][ T6503]  ? rcu_is_watching+0x12/0xc0
[  200.780953][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.780995][ T6503]  ? lock_release+0x201/0x2f0
[  200.781045][ T6503]  ? bpf_ksym_find+0x124/0x1c0
[  200.781086][ T6503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  200.781137][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  200.781192][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  200.781231][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781270][ T6503]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  200.781309][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781348][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  200.781403][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781442][ T6503]  ? ref_tracker_alloc+0x305/0x5b0
[  200.781485][ T6503]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  200.781526][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781565][ T6503]  ? rcu_is_watching+0x12/0xc0
[  200.781606][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781660][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781700][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781739][ T6503]  ? dst_alloc+0xc0/0x1a0
[  200.781788][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781827][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  200.781873][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  200.781914][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.781954][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  200.781994][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  200.782037][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782076][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  200.782128][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782174][ T6503]  xfrm_lookup_route+0x3b/0x200
[  200.782215][ T6503]  ip_route_output_flow+0x11e/0x150
[  200.782267][ T6503]  udp_sendmsg+0x1af9/0x2870
[  200.782307][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  200.782347][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  200.782384][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782429][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782471][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  200.782524][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782563][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  200.782603][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782649][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  200.782687][ T6503]  inet_sendmsg+0x105/0x140
[  200.782735][ T6503]  ____sys_sendmsg+0x973/0xc70
[  200.782778][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782817][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  200.782850][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  200.782895][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.782934][ T6503]  ? kfree+0x24f/0x4d0
[  200.782974][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.783017][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  200.783050][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  200.783092][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.783130][ T6503]  ? find_held_lock+0x2b/0x80
[  200.783177][ T6503]  ? __pfx___might_resched+0x10/0x10
[  200.783222][ T6503]  __sys_sendmmsg+0x200/0x420
[  200.783257][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  200.783295][ T6503]  ? __pfx_do_futex+0x10/0x10
[  200.783346][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.783395][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.783434][ T6503]  ? xfd_validate_state+0x61/0x180
[  200.783486][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  200.783522][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  200.783555][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  200.783593][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  200.783630][ T6503]  do_syscall_64+0xcd/0x4c0
[  200.783668][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.783700][ T6503] RIP: 0033:0x7f8debf8eb69
[  200.783725][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.783757][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  200.783787][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  200.783809][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  200.783830][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  200.783850][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  200.783871][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  200.783901][ T6503]  </TASK>
[  200.783912][ T6503] 
[  201.315256][ T6503] Allocated by task 6222:
[  201.319573][ T6503]  kasan_save_stack+0x33/0x60
[  201.324275][ T6503]  kasan_save_track+0x14/0x30
[  201.329003][ T6503]  __kasan_slab_alloc+0x89/0x90
[  201.333873][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  201.339374][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  201.344165][ T6503]  __find_acq_core+0xb59/0x2900
[  201.349053][ T6503]  xfrm_find_acq+0x7b/0xa0
[  201.353464][ T6503]  pfkey_getspi+0xa62/0xeb0
[  201.357979][ T6503]  pfkey_process+0x6dc/0x840
[  201.362571][ T6503]  pfkey_sendmsg+0x435/0x850
[  201.367169][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  201.371943][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  201.376638][ T6503]  __sys_sendmsg+0x16d/0x220
[  201.381231][ T6503]  do_syscall_64+0xcd/0x4c0
[  201.385751][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.391646][ T6503] 
[  201.394012][ T6503] Freed by task 5943:
[  201.397977][ T6503]  kasan_save_stack+0x33/0x60
[  201.402672][ T6503]  kasan_save_track+0x14/0x30
[  201.407369][ T6503]  kasan_save_free_info+0x3b/0x60
[  201.412400][ T6503]  __kasan_slab_free+0x51/0x70
[  201.417180][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  201.421958][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  201.426980][ T6503]  process_one_work+0x9cf/0x1b70
[  201.431917][ T6503]  worker_thread+0x6c8/0xf10
[  201.436507][ T6503]  kthread+0x3c5/0x780
[  201.440572][ T6503]  ret_from_fork+0x5d7/0x6f0
[  201.445171][ T6503]  ret_from_fork_asm+0x1a/0x30
[  201.449952][ T6503] 
[  201.452265][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  201.452265][ T6503]  which belongs to the cache xfrm_state of size 928
[  201.466226][ T6503] The buggy address is located 322 bytes inside of
[  201.466226][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  201.480037][ T6503] 
[  201.482351][ T6503] The buggy address belongs to the physical page:
[  201.488745][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  201.497504][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  201.506005][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  201.513549][ T6503] page_type: f5(slab)
[  201.517528][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  201.526114][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  201.534702][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  201.543379][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  201.552056][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  201.560731][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  201.569416][ T6503] page dumped because: kasan: bad access detected
[  201.575821][ T6503] page_owner tracks the page as allocated
[  201.581523][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  201.600650][ T6503]  post_alloc_hook+0x1c0/0x230
[  201.605434][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  201.611006][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  201.616923][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  201.621778][ T6503]  new_slab+0x247/0x330
[  201.625942][ T6503]  ___slab_alloc+0xcf2/0x1740
[  201.630627][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  201.636014][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  201.641399][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  201.646172][ T6503]  __find_acq_core+0xb59/0x2900
[  201.651024][ T6503]  xfrm_find_acq+0x7b/0xa0
[  201.655436][ T6503]  pfkey_getspi+0xa62/0xeb0
[  201.659953][ T6503]  pfkey_process+0x6dc/0x840
[  201.664546][ T6503]  pfkey_sendmsg+0x435/0x850
[  201.669138][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  201.673909][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  201.678583][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  201.684902][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  201.690111][ T6503]  qlist_free_all+0x4d/0x120
[  201.694718][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  201.700191][ T6503]  __kasan_slab_alloc+0x69/0x90
[  201.705098][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  201.710509][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  201.715792][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  201.721256][ T6503]  bpf_prog_load+0xe75/0x2490
[  201.725933][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  201.730354][ T6503]  __x64_sys_bpf+0x78/0xc0
[  201.734776][ T6503]  do_syscall_64+0xcd/0x4c0
[  201.739281][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.745176][ T6503] 
[  201.747485][ T6503] Memory state around the buggy address:
[  201.753107][ T6503]  ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  201.761425][ T6503]  ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  201.769482][ T6503] >ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  201.777532][ T6503]                                            ^
[  201.783676][ T6503]  ffff8880280c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  201.791732][ T6503]  ffff8880280c0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  201.799782][ T6503] ==================================================================
[  201.819393][ T6503] ==================================================================
[  201.827490][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7356/0x84c0
[  201.835402][ T6503] Read of size 4 at addr ffff8880280c00c4 by task syz.0.121/6503
[  201.843118][ T6503] 
[  201.845441][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  201.845490][ T6503] Tainted: [B]=BAD_PAGE
[  201.845502][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  201.845521][ T6503] Call Trace:
[  201.845533][ T6503]  <TASK>
[  201.845545][ T6503]  dump_stack_lvl+0x116/0x1f0
[  201.845584][ T6503]  print_report+0xcd/0x630
[  201.845620][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.845660][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.845699][ T6503]  ? __phys_addr+0xe8/0x180
[  201.845744][ T6503]  ? xfrm_state_find+0x7356/0x84c0
[  201.845776][ T6503]  kasan_report+0xe0/0x110
[  201.845806][ T6503]  ? xfrm_state_find+0x7356/0x84c0
[  201.845843][ T6503]  xfrm_state_find+0x7356/0x84c0
[  201.845875][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.845914][ T6503]  ? arch_stack_walk+0xa6/0x100
[  201.845963][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  201.845996][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846037][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846079][ T6503]  ? rcu_is_watching+0x12/0xc0
[  201.846120][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846162][ T6503]  ? lock_release+0x201/0x2f0
[  201.846212][ T6503]  ? bpf_ksym_find+0x124/0x1c0
[  201.846253][ T6503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  201.846304][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  201.846359][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  201.846398][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846437][ T6503]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  201.846476][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846515][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  201.846570][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846614][ T6503]  ? ref_tracker_alloc+0x305/0x5b0
[  201.846657][ T6503]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  201.846698][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846737][ T6503]  ? rcu_is_watching+0x12/0xc0
[  201.846778][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846829][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846869][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846908][ T6503]  ? dst_alloc+0xc0/0x1a0
[  201.846957][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.846996][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  201.847042][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  201.847083][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847123][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  201.847163][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  201.847206][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847245][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  201.847298][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847343][ T6503]  xfrm_lookup_route+0x3b/0x200
[  201.847385][ T6503]  ip_route_output_flow+0x11e/0x150
[  201.847436][ T6503]  udp_sendmsg+0x1af9/0x2870
[  201.847476][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  201.847516][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  201.847553][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847602][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847644][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  201.847698][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847736][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  201.847776][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847818][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  201.847857][ T6503]  inet_sendmsg+0x105/0x140
[  201.847905][ T6503]  ____sys_sendmsg+0x973/0xc70
[  201.847948][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.847987][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  201.848019][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  201.848064][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848103][ T6503]  ? kfree+0x24f/0x4d0
[  201.848144][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848187][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  201.848220][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  201.848261][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848300][ T6503]  ? find_held_lock+0x2b/0x80
[  201.848346][ T6503]  ? __pfx___might_resched+0x10/0x10
[  201.848391][ T6503]  __sys_sendmmsg+0x200/0x420
[  201.848426][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  201.848465][ T6503]  ? __pfx_do_futex+0x10/0x10
[  201.848515][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848565][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848607][ T6503]  ? xfd_validate_state+0x61/0x180
[  201.848659][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  201.848691][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  201.848724][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  201.848763][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  201.848796][ T6503]  do_syscall_64+0xcd/0x4c0
[  201.848834][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.848867][ T6503] RIP: 0033:0x7f8debf8eb69
[  201.848892][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.848923][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  201.848954][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  201.848975][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  201.848996][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  201.849016][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  201.849036][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  201.849067][ T6503]  </TASK>
[  201.849078][ T6503] 
[  202.379858][ T6503] Allocated by task 6222:
[  202.384177][ T6503]  kasan_save_stack+0x33/0x60
[  202.388874][ T6503]  kasan_save_track+0x14/0x30
[  202.393568][ T6503]  __kasan_slab_alloc+0x89/0x90
[  202.398439][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  202.403914][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  202.408693][ T6503]  __find_acq_core+0xb59/0x2900
[  202.413539][ T6503]  xfrm_find_acq+0x7b/0xa0
[  202.417957][ T6503]  pfkey_getspi+0xa62/0xeb0
[  202.422472][ T6503]  pfkey_process+0x6dc/0x840
[  202.427067][ T6503]  pfkey_sendmsg+0x435/0x850
[  202.431658][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  202.436431][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  202.441103][ T6503]  __sys_sendmsg+0x16d/0x220
[  202.445690][ T6503]  do_syscall_64+0xcd/0x4c0
[  202.450196][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.456088][ T6503] 
[  202.458394][ T6503] Freed by task 5943:
[  202.462356][ T6503]  kasan_save_stack+0x33/0x60
[  202.467047][ T6503]  kasan_save_track+0x14/0x30
[  202.471739][ T6503]  kasan_save_free_info+0x3b/0x60
[  202.476772][ T6503]  __kasan_slab_free+0x51/0x70
[  202.481554][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  202.486334][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  202.491357][ T6503]  process_one_work+0x9cf/0x1b70
[  202.496292][ T6503]  worker_thread+0x6c8/0xf10
[  202.500883][ T6503]  kthread+0x3c5/0x780
[  202.504946][ T6503]  ret_from_fork+0x5d7/0x6f0
[  202.509529][ T6503]  ret_from_fork_asm+0x1a/0x30
[  202.514298][ T6503] 
[  202.516624][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  202.516624][ T6503]  which belongs to the cache xfrm_state of size 928
[  202.530592][ T6503] The buggy address is located 196 bytes inside of
[  202.530592][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  202.544403][ T6503] 
[  202.546714][ T6503] The buggy address belongs to the physical page:
[  202.553107][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  202.561862][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  202.570356][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  202.577898][ T6503] page_type: f5(slab)
[  202.581878][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  202.590459][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  202.599040][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  202.607713][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  202.616386][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  202.625061][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  202.633724][ T6503] page dumped because: kasan: bad access detected
[  202.640126][ T6503] page_owner tracks the page as allocated
[  202.645825][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  202.664966][ T6503]  post_alloc_hook+0x1c0/0x230
[  202.669751][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  202.675316][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  202.681230][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  202.686080][ T6503]  new_slab+0x247/0x330
[  202.690241][ T6503]  ___slab_alloc+0xcf2/0x1740
[  202.694926][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  202.700308][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  202.705697][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  202.710470][ T6503]  __find_acq_core+0xb59/0x2900
[  202.715315][ T6503]  xfrm_find_acq+0x7b/0xa0
[  202.719727][ T6503]  pfkey_getspi+0xa62/0xeb0
[  202.724235][ T6503]  pfkey_process+0x6dc/0x840
[  202.728831][ T6503]  pfkey_sendmsg+0x435/0x850
[  202.733424][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  202.738197][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  202.742872][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  202.749182][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  202.754389][ T6503]  qlist_free_all+0x4d/0x120
[  202.758993][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  202.764468][ T6503]  __kasan_slab_alloc+0x69/0x90
[  202.769337][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  202.774720][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  202.780004][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  202.785467][ T6503]  bpf_prog_load+0xe75/0x2490
[  202.790142][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  202.794558][ T6503]  __x64_sys_bpf+0x78/0xc0
[  202.798980][ T6503]  do_syscall_64+0xcd/0x4c0
[  202.803485][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.809375][ T6503] 
[  202.811681][ T6503] Memory state around the buggy address:
[  202.817296][ T6503]  ffff8880280bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  202.825355][ T6503]  ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  202.833413][ T6503] >ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  202.841461][ T6503]                                            ^
[  202.847602][ T6503]  ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  202.855654][ T6503]  ffff8880280c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  202.863707][ T6503] ==================================================================
[  202.924151][ T6503] ==================================================================
[  202.932242][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7c3d/0x84c0
[  202.940143][ T6503] Read of size 8 at addr ffff8880280c0028 by task syz.0.121/6503
[  202.947855][ T6503] 
[  202.950173][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  202.950223][ T6503] Tainted: [B]=BAD_PAGE
[  202.950234][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  202.950253][ T6503] Call Trace:
[  202.950265][ T6503]  <TASK>
[  202.950278][ T6503]  dump_stack_lvl+0x116/0x1f0
[  202.950315][ T6503]  print_report+0xcd/0x630
[  202.950345][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950385][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950424][ T6503]  ? __phys_addr+0xe8/0x180
[  202.950469][ T6503]  ? xfrm_state_find+0x7c3d/0x84c0
[  202.950501][ T6503]  kasan_report+0xe0/0x110
[  202.950531][ T6503]  ? xfrm_state_find+0x7c3d/0x84c0
[  202.950568][ T6503]  xfrm_state_find+0x7c3d/0x84c0
[  202.950606][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950645][ T6503]  ? arch_stack_walk+0xa6/0x100
[  202.950695][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  202.950727][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950769][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950811][ T6503]  ? rcu_is_watching+0x12/0xc0
[  202.950852][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.950893][ T6503]  ? lock_release+0x201/0x2f0
[  202.950943][ T6503]  ? bpf_ksym_find+0x124/0x1c0
[  202.950985][ T6503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  202.951035][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  202.951090][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  202.951129][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951168][ T6503]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  202.951207][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951246][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  202.951301][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951339][ T6503]  ? ref_tracker_alloc+0x305/0x5b0
[  202.951382][ T6503]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  202.951423][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951462][ T6503]  ? rcu_is_watching+0x12/0xc0
[  202.951503][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951553][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951593][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951635][ T6503]  ? dst_alloc+0xc0/0x1a0
[  202.951684][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951723][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  202.951769][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  202.951809][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951850][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  202.951890][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  202.951933][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.951972][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  202.952024][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952069][ T6503]  xfrm_lookup_route+0x3b/0x200
[  202.952111][ T6503]  ip_route_output_flow+0x11e/0x150
[  202.952163][ T6503]  udp_sendmsg+0x1af9/0x2870
[  202.952203][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  202.952242][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  202.952279][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952325][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952367][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  202.952420][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952459][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  202.952499][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952541][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  202.952579][ T6503]  inet_sendmsg+0x105/0x140
[  202.952632][ T6503]  ____sys_sendmsg+0x973/0xc70
[  202.952675][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952714][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  202.952747][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.952792][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952831][ T6503]  ? kfree+0x24f/0x4d0
[  202.952872][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.952915][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  202.952948][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.952989][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.953028][ T6503]  ? find_held_lock+0x2b/0x80
[  202.953074][ T6503]  ? __pfx___might_resched+0x10/0x10
[  202.953119][ T6503]  __sys_sendmmsg+0x200/0x420
[  202.953154][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  202.953193][ T6503]  ? __pfx_do_futex+0x10/0x10
[  202.953243][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.953292][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.953331][ T6503]  ? xfd_validate_state+0x61/0x180
[  202.953383][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  202.953416][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  202.953448][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  202.953487][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  202.953520][ T6503]  do_syscall_64+0xcd/0x4c0
[  202.953558][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.953591][ T6503] RIP: 0033:0x7f8debf8eb69
[  202.953621][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.953653][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  202.953683][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  202.953705][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  202.953726][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  202.953746][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000
[  202.953766][ T6503] R13: 0000000000000000 R14: 00007f8dec1b6160 R15: 00007ffd3651e048
[  202.953797][ T6503]  </TASK>
[  202.953808][ T6503] 
[  203.484614][ T6503] Allocated by task 6222:
[  203.488931][ T6503]  kasan_save_stack+0x33/0x60
[  203.493628][ T6503]  kasan_save_track+0x14/0x30
[  203.498321][ T6503]  __kasan_slab_alloc+0x89/0x90
[  203.503186][ T6503]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  203.508662][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  203.513435][ T6503]  __find_acq_core+0xb59/0x2900
[  203.518282][ T6503]  xfrm_find_acq+0x7b/0xa0
[  203.522692][ T6503]  pfkey_getspi+0xa62/0xeb0
[  203.527199][ T6503]  pfkey_process+0x6dc/0x840
[  203.531790][ T6503]  pfkey_sendmsg+0x435/0x850
[  203.536383][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  203.541153][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  203.545826][ T6503]  __sys_sendmsg+0x16d/0x220
[  203.550414][ T6503]  do_syscall_64+0xcd/0x4c0
[  203.554919][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.560808][ T6503] 
[  203.563115][ T6503] Freed by task 5943:
[  203.567076][ T6503]  kasan_save_stack+0x33/0x60
[  203.571768][ T6503]  kasan_save_track+0x14/0x30
[  203.576459][ T6503]  kasan_save_free_info+0x3b/0x60
[  203.581506][ T6503]  __kasan_slab_free+0x51/0x70
[  203.586288][ T6503]  kmem_cache_free+0x2d1/0x4d0
[  203.591087][ T6503]  xfrm_state_gc_task+0x50a/0x770
[  203.596109][ T6503]  process_one_work+0x9cf/0x1b70
[  203.601045][ T6503]  worker_thread+0x6c8/0xf10
[  203.605638][ T6503]  kthread+0x3c5/0x780
[  203.609700][ T6503]  ret_from_fork+0x5d7/0x6f0
[  203.614286][ T6503]  ret_from_fork_asm+0x1a/0x30
[  203.619055][ T6503] 
[  203.621362][ T6503] The buggy address belongs to the object at ffff8880280c0000
[  203.621362][ T6503]  which belongs to the cache xfrm_state of size 928
[  203.635322][ T6503] The buggy address is located 40 bytes inside of
[  203.635322][ T6503]  freed 928-byte region [ffff8880280c0000, ffff8880280c03a0)
[  203.649044][ T6503] 
[  203.651371][ T6503] The buggy address belongs to the physical page:
[  203.657773][ T6503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x280c0
[  203.666534][ T6503] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  203.675036][ T6503] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  203.682584][ T6503] page_type: f5(slab)
[  203.686566][ T6503] raw: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  203.695150][ T6503] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  203.703770][ T6503] head: 00fff00000000040 ffff888145e883c0 dead000000000122 0000000000000000
[  203.712444][ T6503] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  203.721115][ T6503] head: 00fff00000000002 ffffea0000a03001 00000000ffffffff 00000000ffffffff
[  203.729786][ T6503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  203.738443][ T6503] page dumped because: kasan: bad access detected
[  203.744844][ T6503] page_owner tracks the page as allocated
[  203.750547][ T6503] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6222, tgid 6219 (syz.0.53), ts 149415408527, free_ts 149336029428
[  203.769671][ T6503]  post_alloc_hook+0x1c0/0x230
[  203.774455][ T6503]  get_page_from_freelist+0x132b/0x38e0
[  203.780020][ T6503]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  203.785943][ T6503]  alloc_pages_mpol+0x1fb/0x550
[  203.790791][ T6503]  new_slab+0x247/0x330
[  203.794952][ T6503]  ___slab_alloc+0xcf2/0x1740
[  203.799634][ T6503]  __slab_alloc.constprop.0+0x56/0xb0
[  203.805015][ T6503]  kmem_cache_alloc_noprof+0xef/0x3b0
[  203.810401][ T6503]  xfrm_state_alloc+0x23/0x5c0
[  203.815176][ T6503]  __find_acq_core+0xb59/0x2900
[  203.820022][ T6503]  xfrm_find_acq+0x7b/0xa0
[  203.824435][ T6503]  pfkey_getspi+0xa62/0xeb0
[  203.828943][ T6503]  pfkey_process+0x6dc/0x840
[  203.833539][ T6503]  pfkey_sendmsg+0x435/0x850
[  203.838166][ T6503]  ____sys_sendmsg+0xa98/0xc70
[  203.842938][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  203.847611][ T6503] page last free pid 6222 tgid 6219 stack trace:
[  203.853924][ T6503]  __free_frozen_pages+0x7d5/0x10f0
[  203.859135][ T6503]  qlist_free_all+0x4d/0x120
[  203.863737][ T6503]  kasan_quarantine_reduce+0x195/0x1e0
[  203.869212][ T6503]  __kasan_slab_alloc+0x69/0x90
[  203.874079][ T6503]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  203.879461][ T6503]  bpf_int_jit_compile+0x12bc/0x1830
[  203.884745][ T6503]  bpf_prog_select_runtime+0x32a/0x4c0
[  203.890209][ T6503]  bpf_prog_load+0xe75/0x2490
[  203.894889][ T6503]  __sys_bpf+0x4a3f/0x4de0
[  203.899309][ T6503]  __x64_sys_bpf+0x78/0xc0
[  203.903739][ T6503]  do_syscall_64+0xcd/0x4c0
[  203.908245][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.914138][ T6503] 
[  203.916446][ T6503] Memory state around the buggy address:
[  203.922064][ T6503]  ffff8880280bff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  203.930124][ T6503]  ffff8880280bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  203.938187][ T6503] >ffff8880280c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  203.946237][ T6503]                                   ^
[  203.951596][ T6503]  ffff8880280c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  203.959650][ T6503]  ffff8880280c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  203.967702][ T6503] ==================================================================
[  204.001782][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  204.009017][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  204.142013][ T6503] ==================================================================
[  204.150109][ T6503] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x7401/0x84c0
[  204.158012][ T6503] Read of size 1 at addr ffff8880280c0330 by task syz.0.121/6503
[  204.165725][ T6503] 
[  204.168055][ T6503] CPU: 1 UID: 0 PID: 6503 Comm: syz.0.121 Tainted: G    B               6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  204.168105][ T6503] Tainted: [B]=BAD_PAGE
[  204.168117][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.168137][ T6503] Call Trace:
[  204.168147][ T6503]  <TASK>
[  204.168159][ T6503]  dump_stack_lvl+0x116/0x1f0
[  204.168196][ T6503]  print_report+0xcd/0x630
[  204.168226][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168266][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168305][ T6503]  ? __phys_addr+0xe8/0x180
[  204.168351][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  204.168383][ T6503]  kasan_report+0xe0/0x110
[  204.168413][ T6503]  ? xfrm_state_find+0x7401/0x84c0
[  204.168451][ T6503]  xfrm_state_find+0x7401/0x84c0
[  204.168482][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168522][ T6503]  ? arch_stack_walk+0xa6/0x100
[  204.168571][ T6503]  ? __pfx_xfrm_state_find+0x10/0x10
[  204.168605][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168651][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168693][ T6503]  ? rcu_is_watching+0x12/0xc0
[  204.168734][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.168776][ T6503]  ? lock_release+0x201/0x2f0
[  204.168827][ T6503]  ? bpf_ksym_find+0x124/0x1c0
[  204.168867][ T6503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  204.168918][ T6503]  xfrm_resolve_and_create_bundle+0x4cd/0x3740
[  204.168973][ T6503]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  204.169013][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169052][ T6503]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  204.169092][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169131][ T6503]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  204.169186][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169226][ T6503]  ? ref_tracker_alloc+0x305/0x5b0
[  204.169269][ T6503]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  204.169310][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169349][ T6503]  ? rcu_is_watching+0x12/0xc0
[  204.169390][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169441][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169481][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169520][ T6503]  ? dst_alloc+0xc0/0x1a0
[  204.169568][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169608][ T6503]  ? xfrm_expand_policies.constprop.0+0x252/0x6a0
[  204.169658][ T6503]  xfrm_lookup_with_ifid+0x2a0/0x1e40
[  204.169699][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169740][ T6503]  ? __entry_text_end+0xfdfb7/0x1020b9
[  204.169780][ T6503]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  204.169824][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169863][ T6503]  ? ip_route_output_key_hash+0x16b/0x2e0
[  204.169920][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.169966][ T6503]  xfrm_lookup_route+0x3b/0x200
[  204.170008][ T6503]  ip_route_output_flow+0x11e/0x150
[  204.170060][ T6503]  udp_sendmsg+0x1af9/0x2870
[  204.170100][ T6503]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  204.170140][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  204.170177][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170223][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170266][ T6503]  ? __lock_acquire+0xb97/0x1ce0
[  204.170319][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170358][ T6503]  ? aa_sk_perm+0x2f4/0xb10
[  204.170399][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170442][ T6503]  ? __pfx_udp_sendmsg+0x10/0x10
[  204.170480][ T6503]  inet_sendmsg+0x105/0x140
[  204.170528][ T6503]  ____sys_sendmsg+0x973/0xc70
[  204.170570][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170610][ T6503]  ? copy_msghdr_from_user+0x10a/0x160
[  204.170647][ T6503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.170693][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170731][ T6503]  ? kfree+0x24f/0x4d0
[  204.170772][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170816][ T6503]  ___sys_sendmsg+0x134/0x1d0
[  204.170849][ T6503]  ? __pfx____sys_sendmsg+0x10/0x10
[  204.170891][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.170931][ T6503]  ? find_held_lock+0x2b/0x80
[  204.170977][ T6503]  ? __pfx___might_resched+0x10/0x10
[  204.171022][ T6503]  __sys_sendmmsg+0x200/0x420
[  204.171058][ T6503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  204.171098][ T6503]  ? __pfx_do_futex+0x10/0x10
[  204.171148][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.171198][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.171237][ T6503]  ? xfd_validate_state+0x61/0x180
[  204.171288][ T6503]  ? __sys_setsockopt+0x1c0/0x230
[  204.171322][ T6503]  __x64_sys_sendmmsg+0x9c/0x100
[  204.171355][ T6503]  ? srso_alias_return_thunk+0x5/0xfbef5
[  204.171394][ T6503]  ? lockdep_hardirqs_on+0x7c/0x110
[  204.171428][ T6503]  do_syscall_64+0xcd/0x4c0
[  204.171466][ T6503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.171499][ T6503] RIP: 0033:0x7f8debf8eb69
[  204.171524][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.171556][ T6503] RSP: 002b:00007f8de9db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  204.171587][ T6503] RAX: ffffffffffffffda RBX: 00007f8dec1b6160 RCX: 00007f8debf8eb69
[  204.171609][ T6503] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000006
[  204.171636][ T6503] RBP: 00007f8dec011df1 R08: 0000000000000000 R09: 0000000000000000
[  204.171656][ T6503] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000000