last executing test programs: 1.959122199s ago: executing program 3 (id=44): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$vsock_stream(0x28, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r2, 0x0, 0x0, 0x1) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x0, 0x0, 0xff000000], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x5, 0x7}, {0xffffffffffffffff, 0x5, 0x4}, 0x9, 0x200}}}, {{@ipv6={@loopback, @ipv4={'\x00', '\xff\xff', @multicast1}, [], [], 'bridge_slave_0\x00', 'gre0\x00'}, 0x0, 0x228, 0x250, 0x0, {}, [@common=@inet=@socket3={{0x28}, 0x6}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x47, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x458) r4 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r4, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) connect$vsock_stream(r1, &(0x7f0000000500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@map=r5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x4, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x0, 0x9, 0xfffffffffffffffd, 0x81, 0x7fffffff, 0x100000000}, 0x0, 0x0) 1.119586262s ago: executing program 3 (id=89): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0xb8, r1, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x5d7f, @void, @void, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x80, 0x1, 0x6, 0x0, {0x2, 0xc9, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x8, 0xb, 0x4}}, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, "a8"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x9}, @beacon=[@NL80211_ATTR_IE={0x1e, 0x2a, [@link_id={0x65, 0x12}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x2, 0xaf, 0xdc}}]}]]}, 0xb8}}, 0x0) 1.051612993s ago: executing program 3 (id=94): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000fbdbdf252b00000008000300", @ANYRES32=r2, @ANYBLOB="04004600050034006e000000080026006c090000240051802000008005000900020000000900019c22a06c891400000005000300"], 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4800) 980.212545ms ago: executing program 3 (id=99): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001ac0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_KEY(r2, &(0x7f0000005bc0)={0x0, 0x0, &(0x7f0000005b80)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x70bd24, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000044) 968.000475ms ago: executing program 3 (id=101): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b00)={0x54, r1, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @random="3c4768456acc"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @key_params=[@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}]}]]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40) 961.107175ms ago: executing program 1 (id=102): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wlan0\x00', &(0x7f0000000080)=@ethtool_rxfh_indir={0x38}}) 905.104126ms ago: executing program 1 (id=104): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x12, 0x9, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000200)="22a263"}, 0x20) 848.747317ms ago: executing program 3 (id=109): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000280), &(0x7f00000002c0)=0x4) 848.480817ms ago: executing program 1 (id=110): openat$tun(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x50, r1, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x32, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @from_mac=@broadcast, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @channel_switch={0x0, 0x4, {{0x25, 0x3, {0x0, 0xb4}}, @val={0x3e, 0x1, 0x1}, @val={0x76, 0x6, {0x70, 0xa, 0x27, 0xfff9}}}}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000004}, 0x44050) 846.003757ms ago: executing program 1 (id=114): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000000104050000000000000000000700000006000640fbff00000500010002"], 0x24}}, 0x2000004) 830.761857ms ago: executing program 1 (id=115): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffffb1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 756.056738ms ago: executing program 1 (id=119): socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xf51) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000140)="2aa229111272ff", 0x7}, {&(0x7f0000000200)="3cc5c48b32b27a215ed6734667e778fd5e31bd2a645c1ad3521f8bb3347afdda1150f0871a3dc29260bd8c43222471588c75a894d31eb4e0a8b9439adf553dd6c343aa6a7cb47d37bfcc1b89ff13a3e68d9ec5751948ea50e29915258db6597fa5c3ed168fe9704d5ecced81fd9dc1400a7b749d9495e6e621", 0x79}], 0x2}, 0x24044014) 672.65638ms ago: executing program 4 (id=123): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r0, 0x801, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "5d7a000600"}, @NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0c}]}]}, 0x3c}}, 0x0) 658.348559ms ago: executing program 4 (id=125): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000a40)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0xc3ff}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000380)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000300", 0x30, 0x3a, 0x0, @private0, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa198", 0x0, 0x3c, 0x0, @remote, @empty}}}}}}}, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x9, 0x401, 0x0, 0x0, {0x1}}, 0x14}}, 0x4000) 572.713121ms ago: executing program 4 (id=127): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[{0x15, 0x1, 0x3, 0x100000}, {0x60, 0x4}, {}, {0x0, 0x0, 0x0, 0x3}, {0x6, 0x3}]}) 531.257602ms ago: executing program 4 (id=132): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x38}]]}, 0x30}}, 0x0) 483.957503ms ago: executing program 4 (id=136): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e80)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd364158a4591c559f76c0130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce74c4dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f00c484d339c480f70006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08ef74c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d3287a7b01ab84d336f3c0f45a0642d6f2c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d253e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd3153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be15579518540000bc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e99948a9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676080000007229e0237c1e34641848531712ff09e89fb062a3e66f4f3c9d7a7fc9aab1ced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a690bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b270a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b380380020000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000300000000000889078ac1e00"], 0x0) 454.548433ms ago: executing program 4 (id=139): r0 = socket$inet(0x2b, 0x801, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x5) poll(&(0x7f0000000140)=[{r0, 0x6040}, {r0, 0x40}], 0x2, 0xfffffdf9) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x79) accept$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0x10) 112.698829ms ago: executing program 2 (id=166): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x34, r2, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x7f}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x8d}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x40420d0) 111.888109ms ago: executing program 2 (id=168): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x1b, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 111.698729ms ago: executing program 0 (id=169): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x24060400) bpf$MAP_GET_NEXT_KEY(0x3, 0x0, 0x0) 111.564559ms ago: executing program 2 (id=170): r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7fffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 109.875768ms ago: executing program 0 (id=171): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b700000010000000790000000000000040020000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xb579, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 95.192089ms ago: executing program 0 (id=172): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 87.314649ms ago: executing program 2 (id=173): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0xbc, 0x0, 0xb, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_COMPAT_NAME={0xa6, 0x1, '\x01\x92hx\xa6b\xa6\xc8\x92\xea\xc2\xba\xd2]l\x9fuD\x93F\x15\xe8DHT\xb9\x80\t,\x00\x00\x00\x00\x00\x00\x8f\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x9c\xc3%6+\xa9\xbc\x85 kPC\x12\x93\x8c\xd8\xafJ *\xbeW\x8b\x06\xea\xa9\x127U\x83\\\xb2D\"\xc3t{\xa1}Uey\x11If\xd4Az\xa8\xb7\xad\xeby;\x9c\"\x9e(=\x8e\xc8u\xb7x\xc6\xf1\xfe1\xc7\xcd\x82.\xa2\xc3\x88\x83\xb1\x80\xb2\x93\x1a\x1d\xb6O\x1d\xdd\x91\x029b\v&\xebK\xccC\x90\x15\xd3\xff\xf7\xf4\x88,\x00\x00\x00\x00\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010) 50.087009ms ago: executing program 0 (id=174): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@migrate={0xa8, 0x21, 0x1, 0x0, 0x4, {{@in6=@private1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x2}]}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xa8}}, 0x0) 49.75046ms ago: executing program 2 (id=175): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r1, 0x5, 0x6, 0x800000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xc9}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40810}, 0x40040c2) 49.381859ms ago: executing program 0 (id=176): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newtfilter={0x484, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0x9}, {0x0, 0x9}, {0xd, 0xe}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x454, 0x2, [@TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x0, 0x9, 0x5}}}]}]}, @TCA_CGROUP_ACT={0x34, 0x1, [@m_skbedit={0x30, 0x11, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_CGROUP_POLICE={0x408, 0x2, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8000, 0xa1a, 0x2, 0x8001, 0xfffff800, 0xffffffff, 0x6, 0x7, 0x4861, 0x831, 0x9, 0x3, 0x6, 0x6, 0x4, 0x8, 0xf, 0x8, 0x4, 0x2, 0x9, 0x0, 0x0, 0x3, 0x2, 0x7, 0x5, 0x7, 0x3ff, 0xe65d, 0x6, 0x1000, 0x401, 0x5, 0x6, 0x6, 0x9, 0x0, 0x7fff, 0x2b, 0x1, 0x7, 0x2, 0x7, 0x1, 0x7, 0x8, 0x80000001, 0x5, 0x5f2cc059, 0x9, 0x6dff, 0x7, 0x7, 0x3ff, 0x4a65, 0x40, 0xfffffffc, 0x5, 0x9469, 0x4, 0x1, 0x0, 0x68c, 0x3, 0x1ae7, 0xe48, 0x2, 0x2, 0x4, 0xfffffffc, 0x7, 0xf5, 0x98d, 0xffff, 0xc0, 0x1, 0x2, 0x8, 0x1, 0xb9c, 0x9, 0x7fffffff, 0x5dc4, 0x2, 0x100000, 0x68e, 0xc, 0x0, 0x994f, 0x4, 0x0, 0xfff, 0x8c8, 0x401, 0x3, 0x1, 0x2, 0x7, 0x80000001, 0x0, 0x9, 0x7f, 0x6, 0xeb6a, 0x7fff, 0x2, 0x976, 0x3, 0x7f, 0x9, 0x65d, 0x7, 0x5, 0x7, 0xc, 0xfa, 0x0, 0x1, 0x7, 0x3, 0x2, 0x0, 0xf, 0xe, 0xfffffff9, 0x0, 0x400, 0xf5, 0xa, 0xfffffffe, 0xfffffffb, 0xd, 0x9, 0xff, 0x3, 0x5dce04bf, 0x9, 0x4, 0x5, 0xd, 0x8, 0x7, 0xfffffff8, 0x0, 0x2, 0x10, 0x0, 0x1, 0x28, 0x3, 0x80000000, 0x4784, 0x7, 0x7, 0x4, 0x5, 0x6, 0x7, 0x9, 0x1714, 0x5, 0x4, 0x7, 0x1, 0xffffffff, 0xeaec4000, 0x7cf, 0x5, 0x100, 0x7, 0x0, 0x1, 0x0, 0xaec, 0x3596, 0xfffff511, 0xffffffff, 0x0, 0x3, 0x1, 0x1, 0x7, 0xb3, 0x80000001, 0x0, 0x5, 0x7, 0x6, 0x6, 0x2871, 0x0, 0x80000000, 0x8001, 0x5, 0x4, 0x2, 0x6, 0x8, 0x0, 0x3, 0x1, 0x981, 0xfff, 0xc, 0x4, 0x401, 0x4, 0x8, 0xbb1, 0x1, 0x0, 0xc, 0x40, 0x80000000, 0x6, 0xbe, 0x0, 0x9, 0x10000, 0x6, 0x33, 0x4, 0x400, 0x5c, 0x2, 0x1ff, 0x533, 0x2, 0x3, 0x5, 0x100, 0x7, 0x0, 0x3, 0xfffffffb, 0x6, 0x6, 0x2, 0x2, 0x1, 0x6, 0x416, 0xfc, 0x10001, 0x0, 0x80000000, 0x6, 0x9, 0xffffffc7, 0x9, 0x9816, 0x1, 0x4, 0x101, 0x6]}]}]}}]}, 0x484}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 422.48µs ago: executing program 2 (id=177): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac13000100000000000000000000000000000000000000000a0042"], 0xb8}}, 0x0) 0s ago: executing program 0 (id=178): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x40, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x4}, @broadcast, @device_a, @initial, {0x5, 0xff}}, 0x2021, 0x5c, @default, @void, @void}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts. [ 21.105015][ T23] audit: type=1400 audit(1745210437.560:66): avc: denied { mounton } for pid=342 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.106767][ T342] cgroup1: Unknown subsys name 'net' [ 21.127493][ T23] audit: type=1400 audit(1745210437.560:67): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.133437][ T342] cgroup1: Unknown subsys name 'net_prio' [ 21.154589][ T23] audit: type=1400 audit(1745210437.590:68): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 21.161324][ T342] cgroup1: Unknown subsys name 'devices' [ 21.187777][ T23] audit: type=1400 audit(1745210437.640:69): avc: denied { unmount } for pid=342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.351111][ T342] cgroup1: Unknown subsys name 'hugetlb' [ 21.356763][ T342] cgroup1: Unknown subsys name 'rlimit' [ 21.528289][ T23] audit: type=1400 audit(1745210437.990:70): avc: denied { setattr } for pid=342 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=10760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.551503][ T23] audit: type=1400 audit(1745210437.990:71): avc: denied { mounton } for pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.558686][ T347] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.576247][ T23] audit: type=1400 audit(1745210437.990:72): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.607330][ T23] audit: type=1400 audit(1745210438.050:73): avc: denied { relabelto } for pid=347 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.632583][ T23] audit: type=1400 audit(1745210438.050:74): avc: denied { write } for pid=347 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.661105][ T23] audit: type=1400 audit(1745210438.120:75): avc: denied { read } for pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.700395][ T342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.499222][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.506188][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.513729][ T355] device bridge_slave_0 entered promiscuous mode [ 22.521771][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.528676][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.535807][ T355] device bridge_slave_1 entered promiscuous mode [ 22.556992][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.563890][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.571436][ T356] device bridge_slave_0 entered promiscuous mode [ 22.580955][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.587785][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.595240][ T356] device bridge_slave_1 entered promiscuous mode [ 22.685173][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.692114][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.699424][ T357] device bridge_slave_0 entered promiscuous mode [ 22.706227][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.713217][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.720570][ T357] device bridge_slave_1 entered promiscuous mode [ 22.755081][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.761982][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.769322][ T359] device bridge_slave_0 entered promiscuous mode [ 22.791376][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.798287][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.805440][ T359] device bridge_slave_1 entered promiscuous mode [ 22.834390][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.841316][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.848673][ T358] device bridge_slave_0 entered promiscuous mode [ 22.858142][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.864975][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.872394][ T358] device bridge_slave_1 entered promiscuous mode [ 22.943399][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.950262][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.957357][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.964157][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.972148][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.979000][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.986085][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.992882][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.050223][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.057586][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.064725][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.071487][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.084234][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.091620][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.098733][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.105507][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.129331][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.136259][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.143415][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.150169][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.189374][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.197014][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.205532][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.213892][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.222776][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.230945][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.237893][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.245129][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.252159][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.259229][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.267138][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.274220][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.281717][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.289053][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.318402][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.325830][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.333503][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.342701][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.349737][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.357124][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.373579][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.381090][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.389902][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.396747][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.404113][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.412649][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.419502][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.426746][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.435076][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.441918][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.454265][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.485157][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.494752][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.502938][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.509897][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.517613][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.526106][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.534190][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.542231][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.550105][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.558502][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.566216][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.574582][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.582617][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.589465][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.596940][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.605011][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.612970][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.621023][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.632350][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.640693][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.648895][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.655717][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.668422][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.676675][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.690155][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.698428][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.717070][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.725312][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.733538][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.741537][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.753716][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.762204][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.780008][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.787957][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.795996][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.804099][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.811954][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.819701][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.841168][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.849664][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.857729][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.866402][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.874304][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.882648][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.913911][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.922427][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.930492][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.938559][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.946463][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.954982][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.963515][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.971538][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.979325][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.987211][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.995264][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.003515][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.011840][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.019996][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.048640][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.056977][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.065773][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.075025][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.083940][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.092126][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.100501][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.108726][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.116795][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.125055][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.133198][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.141458][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.167555][ T359] request_module fs-gadgetfs succeeded, but still no fs? [ 24.175349][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.184060][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.193121][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.201485][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.216023][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.224620][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.253650][ T378] EXT4-fs (loop3): invalid first ino: 1 [ 24.494872][ T380] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,errors=remount-ro, [ 24.540950][ T378] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.035335][ T400] xt_time: unknown flags 0xc [ 26.183730][ T393] syz.3.4 (393) used greatest stack depth: 22568 bytes left [ 26.200523][ T23] kauditd_printk_skb: 37 callbacks suppressed [ 26.200533][ T23] audit: type=1400 audit(1745210441.950:113): avc: denied { map_read map_write } for pid=395 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 26.296512][ T23] audit: type=1400 audit(1745210442.450:114): avc: denied { create } for pid=395 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.319363][ T23] audit: type=1400 audit(1745210442.490:115): avc: denied { setopt } for pid=395 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 26.338791][ T23] audit: type=1400 audit(1745210442.560:116): avc: denied { setopt } for pid=379 comm="syz.4.5" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.357656][ T387] F2FS-fs (loop1): Found nat_bits in checkpoint [ 26.363148][ T23] audit: type=1400 audit(1745210442.560:117): avc: denied { write } for pid=379 comm="syz.4.5" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.387023][ T378] erofs: (device loop3): erofs_parse_options: Unrecognized mount option "ÿÿÿÿ" or missing value [ 26.390945][ T23] audit: type=1400 audit(1745210442.630:118): avc: denied { prog_load } for pid=389 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 26.416272][ T23] audit: type=1400 audit(1745210442.660:119): avc: denied { prog_run } for pid=389 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 26.423032][ T387] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 26.434995][ T23] audit: type=1400 audit(1745210442.720:120): avc: denied { write } for pid=389 comm="syz.0.1" name="tcp" dev="proc" ino=4026532441 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 26.442659][ T390] EXT4-fs (loop0): old and new quota format mixing [ 26.485519][ T23] audit: type=1400 audit(1745210442.930:121): avc: denied { write } for pid=376 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 26.533295][ T387] attempt to access beyond end of device [ 26.533295][ T387] loop1: rw=34817, want=79912, limit=40427 [ 26.547411][ T387] attempt to access beyond end of device [ 26.547411][ T387] loop1: rw=34817, want=81920, limit=40427 [ 26.551648][ T419] device bridge_slave_0 left promiscuous mode [ 26.619764][ T419] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.651048][ T419] device bridge_slave_1 left promiscuous mode [ 26.657558][ T419] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.674382][ T23] audit: type=1400 audit(1745210442.930:122): avc: denied { nlmsg_read } for pid=376 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 27.224696][ T355] attempt to access beyond end of device [ 27.224696][ T355] loop1: rw=2049, want=45104, limit=40427 [ 27.242627][ T426] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 27.251976][ T426] EXT4-fs (loop2): Unrecognized mount option "fsname=$}^" or missing value [ 27.417867][ T438] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 27.429084][ T438] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 27.439692][ T438] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 27.714617][ T450] netlink: 44 bytes leftover after parsing attributes in process `syz.4.19'. [ 27.772322][ T450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.19'. [ 27.878927][ T459] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8'. [ 28.410112][ T426] F2FS-fs (loop2): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 28.428096][ T426] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 28.457955][ T426] F2FS-fs (loop2): invalid crc value [ 28.512557][ T426] F2FS-fs (loop2): Found nat_bits in checkpoint [ 28.628590][ T426] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 28.635493][ T426] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 28.721526][ T426] F2FS-fs (loop2): sanity_check_inode: inode (ino=8) is with extra_attr, but extra_attr feature is off [ 28.997695][ T588] xt_SECMARK: invalid security context 'system_u:object_r:initctl_t:s0' [ 29.183939][ T613] tipc: Started in network mode [ 29.204129][ T613] tipc: Own node identity 068a7d01354c, cluster identity 4711 [ 29.229433][ T613] tipc: Enabled bearer , priority 0 [ 29.236120][ T618] syz.0.84 (618) used greatest stack depth: 21744 bytes left [ 29.280928][ T613] device syzkaller0 entered promiscuous mode [ 29.303955][ T609] tipc: Resetting bearer [ 29.321503][ T609] tipc: Disabling bearer [ 29.611421][ T677] Zero length message leads to an empty skb [ 29.617437][ T675] netlink: 40 bytes leftover after parsing attributes in process `syz.0.111'. [ 29.761378][ T697] tipc: Failed to remove local publication {66,4,134217730}/3329772097 [ 29.782507][ T697] tipc: Failed to remove local publication {66,4,4}/2387884706 [ 29.795058][ T697] tipc: Failed to remove local publication {66,4,4}/2387884706 [ 30.417850][ T814] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8192 sclass=netlink_xfrm_socket pid=814 comm=syz.2.177 [ 30.437299][ T814] ================================================================== [ 30.445228][ T814] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 30.454223][ T814] Read of size 1 at addr ffff8881ded56bd8 by task syz.2.177/814 [ 30.461677][ T814] [ 30.463853][ T814] CPU: 0 PID: 814 Comm: syz.2.177 Not tainted 5.4.290-syzkaller #0 [ 30.471660][ T814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 30.481562][ T814] Call Trace: [ 30.484687][ T814] dump_stack+0x1d8/0x241 [ 30.488857][ T814] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 30.494495][ T814] ? vprintk_func+0x189/0x1d0 [ 30.499093][ T814] ? printk+0xd1/0x111 [ 30.503008][ T814] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 30.509340][ T814] print_address_description+0x8c/0x600 [ 30.514712][ T814] ? panic+0x89d/0x89d [ 30.518613][ T814] ? stack_trace_save+0x118/0x1c0 [ 30.523472][ T814] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 30.529807][ T814] __kasan_report+0xf3/0x120 [ 30.534254][ T814] ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 30.540573][ T814] kasan_report+0x30/0x60 [ 30.544736][ T814] __asan_report_load1_noabort+0x14/0x20 [ 30.550203][ T814] xfrm_policy_inexact_list_reinsert+0x5b0/0x660 [ 30.556364][ T814] ? __kasan_kmalloc+0x171/0x210 [ 30.561265][ T814] ? kasan_kmalloc+0x9/0x10 [ 30.565604][ T814] ? xfrm_policy_addr_delta+0x252/0x350 [ 30.570982][ T814] xfrm_policy_inexact_insert_node+0x923/0xb10 [ 30.576986][ T814] ? xfrm_policy_inexact_alloc_bin+0x5b7/0x1410 [ 30.583042][ T814] xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0 [ 30.589036][ T814] xfrm_policy_inexact_insert+0x6a/0x1160 [ 30.594590][ T814] ? __kasan_check_write+0x14/0x20 [ 30.599530][ T814] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 30.604392][ T814] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 30.609428][ T814] ? policy_hash_bysel+0x137/0x700 [ 30.614373][ T814] ? memcpy+0x49/0x60 [ 30.618190][ T814] xfrm_policy_insert+0xe7/0x940 [ 30.623318][ T814] xfrm_add_policy+0x4f2/0x980 [ 30.627918][ T814] ? cap_capable+0x1ce/0x270 [ 30.632340][ T814] ? xfrm_dump_sa_done+0xc0/0xc0 [ 30.637131][ T814] ? __nla_parse+0x41/0x50 [ 30.641388][ T814] xfrm_user_rcv_msg+0x689/0x9b0 [ 30.646139][ T814] ? xfrm_netlink_rcv+0x90/0x90 [ 30.650839][ T814] ? avc_has_perm+0x16f/0x260 [ 30.655338][ T814] ? __kmalloc_track_caller+0x10d/0x2c0 [ 30.660716][ T814] ? __alloc_skb+0xbc/0x4f0 [ 30.665064][ T814] netlink_rcv_skb+0x1d5/0x420 [ 30.669659][ T814] ? xfrm_netlink_rcv+0x90/0x90 [ 30.674383][ T814] ? nla_put_string+0x40/0x40 [ 30.678860][ T814] ? mutex_trylock+0xa0/0xa0 [ 30.683383][ T814] ? __netlink_lookup+0x385/0x3b0 [ 30.688245][ T814] xfrm_netlink_rcv+0x72/0x90 [ 30.692789][ T814] netlink_unicast+0x936/0xb20 [ 30.697388][ T814] ? netlink_detachskb+0x90/0x90 [ 30.702134][ T814] ? security_netlink_send+0x7b/0xa0 [ 30.707255][ T814] netlink_sendmsg+0xa46/0xd00 [ 30.711865][ T814] ? netlink_getsockopt+0x550/0x550 [ 30.716885][ T814] ? import_iovec+0x1bb/0x380 [ 30.721400][ T814] ? security_socket_sendmsg+0x82/0xb0 [ 30.726695][ T814] ? netlink_getsockopt+0x550/0x550 [ 30.731727][ T814] ____sys_sendmsg+0x5ac/0x8f0 [ 30.736339][ T814] ? _copy_from_user+0xaa/0xe0 [ 30.740928][ T814] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 30.745962][ T814] ? kmem_cache_alloc+0xe0/0x260 [ 30.750739][ T814] __sys_sendmsg+0x28b/0x380 [ 30.755161][ T814] ? ____sys_sendmsg+0x8f0/0x8f0 [ 30.759939][ T814] ? check_preemption_disabled+0x153/0x320 [ 30.765596][ T814] ? __do_page_fault+0x736/0xb90 [ 30.770350][ T814] ? __kasan_check_read+0x11/0x20 [ 30.775211][ T814] __x64_sys_sendmsg+0x7f/0x90 [ 30.779810][ T814] do_syscall_64+0xd8/0x170 [ 30.784150][ T814] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.789885][ T814] RIP: 0033:0x7f336decb169 [ 30.794128][ T814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 30.813569][ T814] RSP: 002b:00007f336c534038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 30.822161][ T814] RAX: ffffffffffffffda RBX: 00007f336e0f2fa0 RCX: 00007f336decb169 [ 30.830060][ T814] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000007 [ 30.837875][ T814] RBP: 00007f336df4da68 R08: 0000000000000000 R09: 0000000000000000 [ 30.845680][ T814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 30.853498][ T814] R13: 0000000000000000 R14: 00007f336e0f2fa0 R15: 00007ffcd3fbed18 [ 30.861306][ T814] [ 30.863468][ T814] Allocated by task 814: [ 30.867566][ T814] __kasan_kmalloc+0x171/0x210 [ 30.872159][ T814] kasan_kmalloc+0x9/0x10 [ 30.876318][ T814] __kmalloc+0x129/0x2e0 [ 30.880398][ T814] sk_prot_alloc+0xc2/0x440 [ 30.884736][ T814] sk_alloc+0x39/0x310 [ 30.888643][ T814] pfkey_create+0x12c/0x650 [ 30.892981][ T814] __sock_create+0x3ce/0x790 [ 30.897842][ T814] __sys_socket+0x132/0x370 [ 30.902270][ T814] __x64_sys_socket+0x7a/0x90 [ 30.906781][ T814] do_syscall_64+0xd8/0x170 [ 30.911124][ T814] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.916845][ T814] [ 30.919128][ T814] Freed by task 202: [ 30.922843][ T814] __kasan_slab_free+0x1b5/0x270 [ 30.928133][ T814] kasan_slab_free+0xe/0x10 [ 30.932477][ T814] kfree+0x123/0x360 [ 30.936211][ T814] skb_release_data+0x525/0x650 [ 30.940892][ T814] consume_skb+0xac/0x2a0 [ 30.945062][ T814] skb_free_datagram+0x28/0xe0 [ 30.949785][ T814] unix_dgram_recvmsg+0xbeb/0x1120 [ 30.954728][ T814] sock_read_iter+0x34e/0x430 [ 30.959237][ T814] __vfs_read+0x5cd/0x730 [ 30.963410][ T814] vfs_read+0x14c/0x370 [ 30.967391][ T814] ksys_read+0x199/0x2c0 [ 30.971474][ T814] __x64_sys_read+0x7b/0x90 [ 30.975812][ T814] do_syscall_64+0xd8/0x170 [ 30.980244][ T814] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.985962][ T814] [ 30.988134][ T814] The buggy address belongs to the object at ffff8881ded56800 [ 30.988134][ T814] which belongs to the cache kmalloc-1k of size 1024 [ 31.002261][ T814] The buggy address is located 984 bytes inside of [ 31.002261][ T814] 1024-byte region [ffff8881ded56800, ffff8881ded56c00) [ 31.015438][ T814] The buggy address belongs to the page: [ 31.020922][ T814] page:ffffea00077b5400 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0 [ 31.031675][ T814] flags: 0x8000000000010200(slab|head) [ 31.036972][ T814] raw: 8000000000010200 ffffea00077b4e00 0000000600000006 ffff8881f5c02280 [ 31.045388][ T814] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 31.053803][ T814] page dumped because: kasan: bad access detected [ 31.060063][ T814] page_owner tracks the page as allocated [ 31.065613][ T814] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC) [ 31.080459][ T814] prep_new_page+0x192/0x370 [ 31.084879][ T814] get_page_from_freelist+0x2d13/0x2d90 [ 31.090257][ T814] __alloc_pages_nodemask+0x393/0x840 [ 31.095470][ T814] alloc_slab_page+0x3b/0x400 [ 31.099980][ T814] new_slab+0x98/0x430 [ 31.103885][ T814] ___slab_alloc+0x2e0/0x460 [ 31.108308][ T814] __slab_alloc+0x63/0xa0 [ 31.112479][ T814] __kmalloc_track_caller+0x17f/0x2c0 [ 31.117682][ T814] __alloc_skb+0xbc/0x4f0 [ 31.121850][ T814] sk_stream_alloc_skb+0x1f5/0xa80 [ 31.126808][ T814] tcp_sendmsg_locked+0xe07/0x3810 [ 31.131752][ T814] tcp_sendmsg+0x2f/0x50 [ 31.135952][ T814] inet_sendmsg+0xa1/0xc0 [ 31.140116][ T814] sock_write_iter+0x344/0x470 [ 31.144796][ T814] __vfs_write+0x5d3/0x750 [ 31.149044][ T814] vfs_write+0x1f2/0x4e0 [ 31.153157][ T814] page_owner free stack trace missing [ 31.158326][ T814] [ 31.160493][ T814] Memory state around the buggy address: [ 31.165972][ T814] ffff8881ded56a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.174210][ T814] ffff8881ded56b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.182092][ T814] >ffff8881ded56b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 31.190078][ T814] ^ [ 31.196849][ T814] ffff8881ded56c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.204751][ T814] ffff8881ded56c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.212636][ T814] ================================================================== [ 31.220540][ T814] Disabling lock debugging due to kernel taint