last executing test programs: 905.127133ms ago: executing program 0 (id=1): syz_emit_ethernet(0x36, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1}, @timestamp}}}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="07000000040000000802000001000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000021000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000740)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e0000000300000000000004050006"], 0x70}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x3ef, 0x0) 683.471067ms ago: executing program 2 (id=3): syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000001400010025050000ffdbdf25021f07fd", @ANYRES32=r1, @ANYBLOB="08000200ac1414"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x20040000) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'}) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 607.008759ms ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getrusage(0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="07000000040000000802000001000000"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000a00)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nombcache}, {@nomblk_io_submit}, {@quota}, {@test_dummy_encryption}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0") openat(0xffffffffffffff9c, 0x0, 0x0, 0x7f) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000740)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@dev, 0x0, 0x3c}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) sendmmsg(r7, &(0x7f0000000180), 0x3ef, 0x0) 453.163281ms ago: executing program 4 (id=20): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x4000) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, 0x0, 0x0) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x6, 0x1, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0) 396.760003ms ago: executing program 4 (id=21): openat$pidfd(0xffffffffffffff9c, &(0x7f0000004f00), 0x256200, 0x0) 313.152044ms ago: executing program 3 (id=23): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001c00), r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001c40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000001c80)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4008044) 280.437175ms ago: executing program 4 (id=24): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000005740)={0x5c, r0, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "fad57eae942d16fe"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffffffd}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="7715643bb30fdfdc1e2d3b4028f93c4d"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="6a81bfadb68263c3f94e7af980d2c14b"}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c811}, 0x4004090) 204.923527ms ago: executing program 3 (id=25): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEV(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000006c0)={0x20, r0, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x6001}, 0x8010) 137.099607ms ago: executing program 4 (id=26): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00'}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x94) 136.961038ms ago: executing program 3 (id=27): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}, @IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_MODE={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x54}}, 0x0) 117.855908ms ago: executing program 3 (id=28): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000801200000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000dd0400080014"], 0x30}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) 92.031728ms ago: executing program 4 (id=29): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000ac0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000b00)={0x28, r1, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x46b2d3ba8e12a610}, 0x4000) 17.19567ms ago: executing program 3 (id=30): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00'], 0x48}}, 0x0) r0 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 17.09322ms ago: executing program 4 (id=31): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000080)={0x1c, r2, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xd1}, 0x8856) 5.89657ms ago: executing program 3 (id=32): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0xfffe, 0x0, 0x0, 0x0, 0x0, @loopback, @private=0xa010101}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'gretap0\x00', 0x0, 0x7800, 0x0, 0xc10, 0x8f2, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty}}}}) 0s ago: executing program 2 (id=33): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd4}}, 0x0) 0s ago: executing program 3 (id=35): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts. [ 19.798884][ T30] audit: type=1400 audit(1757060327.391:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.800029][ T273] cgroup: Unknown subsys name 'net' [ 19.802736][ T30] audit: type=1400 audit(1757060327.391:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.807169][ T30] audit: type=1400 audit(1757060327.401:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.807319][ T273] cgroup: Unknown subsys name 'devices' [ 19.961243][ T273] cgroup: Unknown subsys name 'hugetlb' [ 19.966842][ T273] cgroup: Unknown subsys name 'rlimit' [ 20.163446][ T30] audit: type=1400 audit(1757060327.761:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.186582][ T30] audit: type=1400 audit(1757060327.761:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.211318][ T30] audit: type=1400 audit(1757060327.761:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.216831][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.243160][ T30] audit: type=1400 audit(1757060327.841:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.268588][ T30] audit: type=1400 audit(1757060327.841:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.316476][ T30] audit: type=1400 audit(1757060327.921:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.341984][ T30] audit: type=1400 audit(1757060327.921:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.342038][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.335452][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.342828][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.350257][ T281] device bridge_slave_0 entered promiscuous mode [ 21.357938][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.364988][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.372341][ T281] device bridge_slave_1 entered promiscuous mode [ 21.487511][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.494571][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.501924][ T288] device bridge_slave_0 entered promiscuous mode [ 21.508570][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.515635][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.522983][ T286] device bridge_slave_0 entered promiscuous mode [ 21.537071][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.544120][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.551461][ T288] device bridge_slave_1 entered promiscuous mode [ 21.558107][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.565188][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.572491][ T286] device bridge_slave_1 entered promiscuous mode [ 21.581242][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.588273][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.595718][ T283] device bridge_slave_0 entered promiscuous mode [ 21.613926][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.621154][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.628593][ T283] device bridge_slave_1 entered promiscuous mode [ 21.658323][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.665557][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.672931][ T282] device bridge_slave_0 entered promiscuous mode [ 21.691978][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.699018][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.706412][ T282] device bridge_slave_1 entered promiscuous mode [ 21.800750][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.807796][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.815082][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.822108][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.871931][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.878968][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.886241][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.893267][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.919429][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.926484][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.933750][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.940776][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.955821][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.962890][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.970173][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.977188][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.985365][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.992729][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.000381][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.007580][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.014857][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.022033][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.029138][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.036351][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.044030][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.051457][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.076795][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.084367][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.092745][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.099790][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.107175][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.115533][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.122603][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.130154][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.138356][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.145383][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.152823][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.170673][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.178023][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.186219][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.193238][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.200685][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.208791][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.215816][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.223310][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.231523][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.238534][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.262063][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.269988][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.277869][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.285995][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.308502][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.317423][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.325489][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.333073][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.341011][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.348954][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.359190][ T281] device veth0_vlan entered promiscuous mode [ 22.372857][ T281] device veth1_macvtap entered promiscuous mode [ 22.383544][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.391817][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.400106][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.407656][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.415104][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.424234][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.431727][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.445653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.454043][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.462462][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.470790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.478852][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.485874][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.493449][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.501849][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.510272][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.518494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.526633][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.533664][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.541080][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.549308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.561123][ T288] device veth0_vlan entered promiscuous mode [ 22.572570][ T288] device veth1_macvtap entered promiscuous mode [ 22.583864][ T282] device veth0_vlan entered promiscuous mode [ 22.590565][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.598947][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.607414][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.615843][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.623892][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.632002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.640506][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.648552][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.655573][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.662983][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.671306][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.679347][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.686365][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.693788][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.701805][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.709760][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.717698][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.725691][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.733214][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.740787][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.748130][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.772578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.780819][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.788719][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.796940][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.805067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.813184][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.821156][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.829359][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.837739][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.846218][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.854450][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.862391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.870363][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.877763][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.889773][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.897689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.906177][ T286] device veth0_vlan entered promiscuous mode [ 22.917465][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.925067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.932614][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.941031][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.949231][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.957631][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.970203][ T283] device veth0_vlan entered promiscuous mode [ 22.976812][ T281] request_module fs-gadgetfs succeeded, but still no fs? [ 22.983633][ T286] device veth1_macvtap entered promiscuous mode [ 22.997259][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.007724][ T283] device veth1_macvtap entered promiscuous mode [ 23.039842][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.048114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.057920][ T337] tipc: Can't bind to reserved service type 1 [ 23.067639][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.076753][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.087198][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.103360][ T282] device veth1_macvtap entered promiscuous mode [ 23.124344][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.168706][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.183570][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.201129][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.209939][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.218897][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.227391][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.262385][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.295637][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.310176][ T359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 23.320688][ T366] netlink: 20 bytes leftover after parsing attributes in process `syz.3.14'. [ 23.371388][ T366] device vlan2 entered promiscuous mode [ 23.384255][ T366] device gretap0 entered promiscuous mode [ 23.560122][ T385] loop1: detected capacity change from 0 to 512 [ 23.595830][ T385] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 23.617105][ T385] EXT4-fs (loop1): Test dummy encryption mode enabled [ 23.623962][ T385] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 23.637024][ T385] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 23.677064][ T385] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 23.690341][ T385] EXT4-fs (loop1): 1 truncate cleaned up [ 23.696000][ T385] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,nomblk_io_submit,quota,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 23.978630][ T416] ================================================================== [ 23.986714][ T416] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 23.995930][ T416] Read of size 1 at addr ffff8881106fc3f8 by task syz.3.35/416 [ 24.003471][ T416] [ 24.005799][ T416] CPU: 1 PID: 416 Comm: syz.3.35 Not tainted syzkaller #0 [ 24.012894][ T416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 24.022950][ T416] Call Trace: [ 24.026214][ T416] [ 24.029130][ T416] __dump_stack+0x21/0x30 [ 24.033455][ T416] dump_stack_lvl+0xee/0x150 [ 24.038033][ T416] ? show_regs_print_info+0x20/0x20 [ 24.043219][ T416] ? load_image+0x3a0/0x3a0 [ 24.047708][ T416] ? unwind_get_return_address+0x4d/0x90 [ 24.053326][ T416] print_address_description+0x7f/0x2c0 [ 24.058857][ T416] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 24.065341][ T416] kasan_report+0xf1/0x140 [ 24.069742][ T416] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 24.076229][ T416] __asan_report_load1_noabort+0x14/0x20 [ 24.081847][ T416] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 24.088163][ T416] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 24.094300][ T416] ? xfrm_netlink_rcv+0x72/0x90 [ 24.099136][ T416] ? netlink_unicast+0x876/0xa40 [ 24.104059][ T416] ? netlink_sendmsg+0x86a/0xb70 [ 24.108981][ T416] ? ____sys_sendmsg+0x5a2/0x8c0 [ 24.113905][ T416] ? ___sys_sendmsg+0x1f0/0x260 [ 24.118747][ T416] ? x64_sys_call+0x4b/0x9a0 [ 24.123321][ T416] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.129375][ T416] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 24.135516][ T416] xfrm_policy_inexact_insert+0x70/0x1130 [ 24.141225][ T416] ? __get_hash_thresh+0x10c/0x420 [ 24.146320][ T416] ? policy_hash_bysel+0x110/0x4f0 [ 24.151423][ T416] xfrm_policy_insert+0x126/0x9a0 [ 24.156436][ T416] ? xfrm_policy_construct+0x54f/0x1f00 [ 24.161971][ T416] xfrm_add_policy+0x4d1/0x830 [ 24.166724][ T416] ? xfrm_dump_sa_done+0xc0/0xc0 [ 24.171648][ T416] xfrm_user_rcv_msg+0x45c/0x6e0 [ 24.176571][ T416] ? xfrm_netlink_rcv+0x90/0x90 [ 24.181411][ T416] ? avc_has_perm_noaudit+0x460/0x460 [ 24.186770][ T416] ? x64_sys_call+0x4b/0x9a0 [ 24.191344][ T416] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 24.196701][ T416] netlink_rcv_skb+0x1e0/0x430 [ 24.201451][ T416] ? xfrm_netlink_rcv+0x90/0x90 [ 24.206286][ T416] ? netlink_ack+0xb60/0xb60 [ 24.210859][ T416] ? wait_for_completion_killable_timeout+0x10/0x10 [ 24.217436][ T416] ? __netlink_lookup+0x387/0x3b0 [ 24.222444][ T416] xfrm_netlink_rcv+0x72/0x90 [ 24.227107][ T416] netlink_unicast+0x876/0xa40 [ 24.231855][ T416] netlink_sendmsg+0x86a/0xb70 [ 24.236604][ T416] ? netlink_getsockopt+0x530/0x530 [ 24.241785][ T416] ? sock_alloc_file+0xba/0x260 [ 24.246622][ T416] ? security_socket_sendmsg+0x82/0xa0 [ 24.252066][ T416] ? netlink_getsockopt+0x530/0x530 [ 24.257248][ T416] ____sys_sendmsg+0x5a2/0x8c0 [ 24.261995][ T416] ? __sys_sendmsg_sock+0x40/0x40 [ 24.267005][ T416] ? import_iovec+0x7c/0xb0 [ 24.271492][ T416] ___sys_sendmsg+0x1f0/0x260 [ 24.276155][ T416] ? __sys_sendmsg+0x250/0x250 [ 24.280911][ T416] ? __fdget+0x1a1/0x230 [ 24.285188][ T416] __x64_sys_sendmsg+0x1e2/0x2a0 [ 24.290114][ T416] ? ___sys_sendmsg+0x260/0x260 [ 24.294952][ T416] ? __kasan_check_write+0x14/0x20 [ 24.300048][ T416] ? switch_fpu_return+0x15d/0x2c0 [ 24.305146][ T416] x64_sys_call+0x4b/0x9a0 [ 24.309549][ T416] do_syscall_64+0x4c/0xa0 [ 24.313948][ T416] ? clear_bhb_loop+0x50/0xa0 [ 24.318609][ T416] ? clear_bhb_loop+0x50/0xa0 [ 24.323270][ T416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.329148][ T416] RIP: 0033:0x7f94fbf29be9 [ 24.333548][ T416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 24.353138][ T416] RSP: 002b:00007f94fa992038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 24.361549][ T416] RAX: ffffffffffffffda RBX: 00007f94fc160fa0 RCX: 00007f94fbf29be9 [ 24.369508][ T416] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 24.377463][ T416] RBP: 00007f94fbface19 R08: 0000000000000000 R09: 0000000000000000 [ 24.385414][ T416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 24.393370][ T416] R13: 00007f94fc161038 R14: 00007f94fc160fa0 R15: 00007ffeffa574d8 [ 24.401329][ T416] [ 24.404330][ T416] [ 24.406633][ T416] Allocated by task 416: [ 24.410848][ T416] __kasan_kmalloc+0xda/0x110 [ 24.415522][ T416] __kmalloc+0x13d/0x2c0 [ 24.419747][ T416] sk_prot_alloc+0xed/0x320 [ 24.424234][ T416] sk_alloc+0x38/0x430 [ 24.428281][ T416] pfkey_create+0x12a/0x660 [ 24.432768][ T416] __sock_create+0x38d/0x7a0 [ 24.437348][ T416] __sys_socket+0xec/0x190 [ 24.441746][ T416] __x64_sys_socket+0x7a/0x90 [ 24.446407][ T416] x64_sys_call+0x8c5/0x9a0 [ 24.450898][ T416] do_syscall_64+0x4c/0xa0 [ 24.455302][ T416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.461179][ T416] [ 24.463480][ T416] The buggy address belongs to the object at ffff8881106fc000 [ 24.463480][ T416] which belongs to the cache kmalloc-1k of size 1024 [ 24.477516][ T416] The buggy address is located 1016 bytes inside of [ 24.477516][ T416] 1024-byte region [ffff8881106fc000, ffff8881106fc400) [ 24.490956][ T416] The buggy address belongs to the page: [ 24.496580][ T416] page:ffffea000441be00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1106f8 [ 24.506800][ T416] head:ffffea000441be00 order:3 compound_mapcount:0 compound_pincount:0 [ 24.515106][ T416] flags: 0x4000000000010200(slab|head|zone=1) [ 24.521176][ T416] raw: 4000000000010200 ffffea00043d7800 0000000300000003 ffff888100043080 [ 24.529770][ T416] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 24.538349][ T416] page dumped because: kasan: bad access detected [ 24.544751][ T416] page_owner tracks the page as allocated [ 24.550446][ T416] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 107, ts 4177971829, free_ts 0 [ 24.568487][ T416] post_alloc_hook+0x192/0x1b0 [ 24.573244][ T416] prep_new_page+0x1c/0x110 [ 24.577730][ T416] get_page_from_freelist+0x2cc5/0x2d50 [ 24.583260][ T416] __alloc_pages+0x18f/0x440 [ 24.587834][ T416] new_slab+0xa1/0x4d0 [ 24.591893][ T416] ___slab_alloc+0x381/0x810 [ 24.596467][ T416] __slab_alloc+0x49/0x90 [ 24.600781][ T416] __kmalloc_track_caller+0x169/0x2c0 [ 24.606136][ T416] __alloc_skb+0x21a/0x740 [ 24.610539][ T416] netlink_sendmsg+0x602/0xb70 [ 24.615283][ T416] ____sys_sendmsg+0x5a2/0x8c0 [ 24.620030][ T416] ___sys_sendmsg+0x1f0/0x260 [ 24.624694][ T416] __x64_sys_sendmsg+0x1e2/0x2a0 [ 24.629613][ T416] x64_sys_call+0x4b/0x9a0 [ 24.634010][ T416] do_syscall_64+0x4c/0xa0 [ 24.638410][ T416] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.644289][ T416] page_owner free stack trace missing [ 24.649633][ T416] [ 24.651936][ T416] Memory state around the buggy address: [ 24.657543][ T416] ffff8881106fc280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.665582][ T416] ffff8881106fc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.673621][ T416] >ffff8881106fc380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 24.681656][ T416] ^ [ 24.689616][ T416] ffff8881106fc400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.697663][ T416] ffff8881106fc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.705701][ T416] ================================================================== [ 24.713742][ T416] Disabling lock debugging due to kernel taint