[....] Starting enhanced syslogd: rsyslogd[ 14.246296] audit: type=1400 audit(1572583250.209:4): avc: denied { syslog } for pid=1919 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. 2019/11/01 04:41:01 fuzzer started 2019/11/01 04:41:03 dialing manager at 10.128.0.26:46687 2019/11/01 04:41:03 syscalls: 1353 2019/11/01 04:41:03 code coverage: enabled 2019/11/01 04:41:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/01 04:41:03 extra coverage: extra coverage is not supported by the kernel 2019/11/01 04:41:03 setuid sandbox: enabled 2019/11/01 04:41:03 namespace sandbox: enabled 2019/11/01 04:41:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/01 04:41:03 fault injection: kernel does not have systematic fault injection support 2019/11/01 04:41:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/01 04:41:03 net packet injection: enabled 2019/11/01 04:41:03 net device setup: enabled 2019/11/01 04:41:03 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 04:41:32 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'}) r1 = socket$inet6(0xa, 0x803, 0x20) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) accept$packet(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="0800b5055e0bcfe87b0071") ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f00000002c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, r2}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) 04:41:32 executing program 0: r0 = gettid() chdir(0x0) flock(0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffe000/0x2000)=nil) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$TIOCMSET(r1, 0x5418, 0x0) timerfd_create(0x0, 0x0) ioctl$TCGETX(0xffffffffffffffff, 0x5432, 0x0) tkill(r0, 0x1000000000016) 04:41:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000600)=ANY=[@ANYPTR64], 0xfe9d) write$cgroup_pid(r2, &(0x7f0000000000), 0xfffffea6) 04:41:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x11, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff02000000030000000000000000007663616e30000000000000000000000062726964676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000aa1cffffff00000000"]}, 0x3c0) 04:41:32 executing program 2: r0 = socket(0x1, 0x1, 0x0) sendmmsg$sock(r0, 0x0, 0x0, 0x0) r1 = gettid() prctl$PR_GET_TID_ADDRESS(0x28, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x1000000000016) 04:41:32 executing program 3: open(0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() ptrace$peekuser(0x3, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0xffffffffffffff3d) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) getresgid(0x0, 0x0, &(0x7f0000000240)) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0x0, 0x4) tkill(r0, 0x1000000000016) 04:41:33 executing program 0: syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|\x1c\xb0\xa6z\xd1\xa9\xb0\xfd`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') 04:41:33 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, 0x0, 0x0) 04:41:33 executing program 0: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sched\x00') 04:41:33 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00007e5000)={0xffffffffffffffff}) dup3(r1, r0, 0x0) 04:41:33 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000000c0)=0x2, 0x4) sendmsg(r0, &(0x7f0000013000)={&(0x7f0000000040)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000540)=[{0x28, 0x29, 0x5, "21020201cb009f00"/17}], 0x28}, 0x0) 04:41:33 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000045083e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x800, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2Y\x00\x00\x00_in_bytes\x00\x00\x00\x00\x00', 0x275a, 0x0) r4 = creat(&(0x7f0000000440)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000180)=0x0) io_submit(r6, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r5, &(0x7f0000000000), 0x10000}]) fallocate(r3, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0x0, r4}) 04:41:33 executing program 0: 04:41:33 executing program 1: 04:41:33 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0x5452, &(0x7f0000000400)={{0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) 04:41:33 executing program 2: 04:41:33 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000980)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1=0xe0000002, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@tmpl={0x44, 0x5, [{{@in=@broadcast}, 0x0, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}, 0xfc}}, 0x0) 04:41:33 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000033c0)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000002c0)=""/229, 0xe5}, {0x0}, {0x0}], 0x3}}, {{0x0, 0x0, 0x0}}], 0x2, 0x10020, 0x0) 04:41:33 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b40)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00\xc7\xbal&\x1e\xab\ry\xab0\xe6\f<\xed_\xee\xe6\x1b\xc9\xb0\t\x81\xac\x03\xa8s+\x8di\xb7V\xde\x15\xd3,\xb4\xeb\xcfwz\x1b\xac\xf8\xff\xbd\xe4\xa2\x84\v\x17\xf4*\x14\x83\r\xe2>*\xd4{\xdcH\x1b_\xab&\x98\x1b\xd7\x9b\xe9\xd7A\xe2\xc4\xfc\x03\xc9^\xb8\xd4Z\xee\x98', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x200000000000000, 0x297ef) 04:41:33 executing program 3: 04:41:33 executing program 2: 04:41:33 executing program 4: 04:41:33 executing program 3: 04:41:34 executing program 5: 04:41:34 executing program 2: 04:41:34 executing program 0: 04:41:34 executing program 3: 04:41:34 executing program 4: 04:41:34 executing program 4: 04:41:34 executing program 1: 04:41:34 executing program 3: 04:41:34 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:34 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$sock_int(r1, 0x1, 0xb, &(0x7f0000000000), 0x4) 04:41:34 executing program 4: 04:41:34 executing program 5: 04:41:34 executing program 3: 04:41:34 executing program 4: 04:41:34 executing program 5: 04:41:34 executing program 1: 04:41:34 executing program 0: 04:41:34 executing program 3: syzkaller login: [ 58.565191] audit: type=1400 audit(1572583294.529:5): avc: denied { create } for pid=2353 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 04:41:34 executing program 5: 04:41:34 executing program 4: [ 58.693580] audit: type=1400 audit(1572583294.659:6): avc: denied { write } for pid=2353 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 58.725488] audit: type=1400 audit(1572583294.689:7): avc: denied { read } for pid=2353 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 04:41:34 executing program 2: setfsuid(0x0) socket(0x0, 0x0, 0x0) setfsuid(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setfsuid(0x0) geteuid() socket(0x0, 0x0, 0x0) write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000100)) write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000009cc0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10, 0x0}}], 0x1, 0x0) 04:41:34 executing program 0: 04:41:34 executing program 3: 04:41:34 executing program 1: 04:41:34 executing program 4: 04:41:34 executing program 5: 04:41:34 executing program 1: open(0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2024c2, 0x0) ioctl(0xffffffffffffffff, 0xfffffffffffffc00, &(0x7f00000000c0)="98e8741b044d2161a1db5fb19a111675f503719a2b32b379cf322e6d1b5d6168625148ddf5f2225752938ac393d25d61a0e59b409d5e369fa18c9b8267b509dac0796b5e0d1bb6e15b90c82f2b80f38930ba859785b810cfbedfae76bdab80fe81a697d6e68607fd45b5feb3df35ad59c9b8f886eb4a675be05a1835a29d78f62d4f8f4c617a7392183417ea117f727f7a5d2afb17c16fa3f0905e59479e79024c2e4c8ca66d3ae48c494020bd80fb71b00ba247e3acf4b3f0a1bda7cfc48a223b0030e3040eb952b794047184e7d928d54bbba6182c6070010d48de65831421e6c8020d03f790f326") write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() ptrace$peekuser(0x3, 0x0, 0x0) getpid() tgkill(0x0, r0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0xffffffffffffff3d) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) clock_gettime(0x0, 0x0) tkill(r0, 0x1000000000016) 04:41:34 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r2, 0x4000000043) accept4(r2, 0x0, 0x0, 0x0) r3 = getpid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) tkill(r3, 0x800000015) 04:41:34 executing program 5: perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000000)={0x0, 0xe2, &(0x7f00000000c0)={&(0x7f0000000100)={0x6c, r1, 0x5, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2, [0x0, 0xc202]}, 0x8000}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}]}]}, 0x6c}}, 0x0) 04:41:34 executing program 4: 04:41:34 executing program 3: 04:41:34 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:35 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:35 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:35 executing program 4: r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x7) setreuid(0x0, r2) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) 04:41:35 executing program 5: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) r2 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f) ftruncate(r2, 0x2007fff) sendfile(r1, r2, 0x0, 0x8482) r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0) lseek(r3, 0x7ffffc, 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x8) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000080)={0x18}, 0x18) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket(0x1000000010, 0x400000400080803, 0x0) r6 = dup(r5) write$cgroup_int(r6, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000001880)={{{@in=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000001700)=0xe8) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xed\x1f', r7}) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f00000000c0)={@rand_addr="10ddfa1455659e359088f0459eab9352", 0x1f, r7}) 04:41:35 executing program 0: r0 = socket$inet6(0xa, 0x100000000000003, 0x3c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0x2bc}}, {{0x0, 0x0, &(0x7f0000000040), 0x361, &(0x7f0000000140), 0x2b}}], 0x400045d, 0x0) 04:41:35 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3ea, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b40)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00\xc7\xbal&\x1e\xab\ry\xab0\xe6\f<\xed_\xee\xe6\x1b\xc9\xb0\t\x81\xac\x03\xa8s+\x8di\xb7V\xde\x15\xd3,\xb4\xeb\xcfwz\x1b\xac\xf8\xff\xbd\xe4\xa2\x84\v\x17\xf4*\x14\x83\r\xe2>*\xd4{\xdcH\x1b_\xab&\x98\x1b\xd7\x9b\xe9\xd7A\xe2\xc4\xfc\x03\xc9^\xb8\xd4Z\xee\x98', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x9, 0x297ef) 04:41:35 executing program 0: socket(0x10, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) syz_open_procfs(0x0, 0x0) write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000009cc0)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0}}], 0x1, 0x0) 04:41:35 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = dup(r0) setsockopt$packet_int(r2, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:35 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0x40485404, &(0x7f0000000400)={{0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) 04:41:35 executing program 1: ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) r0 = gettid() tkill(r0, 0x3c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0xfffffffe, @ipv4={[], [], @loopback}}, 0x1c) sendto$inet6(r1, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 04:41:35 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) 04:41:35 executing program 5: r0 = socket$inet(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)="24000000120007031dfffd946fa283000f000a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 04:41:35 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a003e8c52cf7c25975e697b02f08006b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 04:41:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0x8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000880)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5531e04d55fb1c26504e3e4738aac76780b5c23636981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8d", 0x69, 0x20008080, 0x0, 0x0) [ 59.285149] kasan: CONFIG_KASAN_INLINE enabled [ 59.289615] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 59.302565] Modules linked in: [ 59.305884] CPU: 1 PID: 2469 Comm: syz-executor.5 Not tainted 4.4.174+ #4 [ 59.312801] task: ffff8800a4fe17c0 task.stack: ffff8801bf4d0000 [ 59.318848] RIP: 0010:[] [] __list_del_entry_valid+0x7c/0x1a0 [ 59.328089] RSP: 0018:ffff8801bf4d75d8 EFLAGS: 00010246 [ 59.333523] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800b432b810 [ 59.340783] RDX: 0000000000000000 RSI: ffffffff83ad85e0 RDI: ffff8800b432b818 [ 59.348042] RBP: ffff8801bf4d75f0 R08: 0000000000000000 R09: 1ffffffff075b0bd [ 59.355299] R10: 000000000075bf20 R11: 0000000000000000 R12: ffff8800b432b818 [ 59.362557] R13: ffff8800a67e4040 R14: ffff8800b432b7b9 R15: ffff8800b432b838 [ 59.369818] FS: 00007fd66ca66700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 [ 59.378030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.383900] CR2: 000000000075c000 CR3: 00000001d4a63000 CR4: 00000000001606b0 [ 59.391165] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.398770] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.406026] Stack: [ 59.408159] ffffffff82717d94 ffffffff8255c29c ffff8800b432b810 ffff8801bf4d7628 [ 59.416208] ffffffff8255c2a4 ffff8800b70c1100 ffff8800b432b810 ffff8800b474fc80 [ 59.424242] ffff8800b432b7b9 ffff8800b432b838 ffff8801bf4d7648 ffffffff825784e3 [ 59.432292] Call Trace: [ 59.434872] [] ? _raw_spin_lock_bh+0x44/0x50 [ 59.440925] [] ? xfrm_state_walk_done+0x7c/0x1e0 [ 59.447329] [] xfrm_state_walk_done+0x84/0x1e0 [ 59.453557] [] xfrm_dump_sa_done+0x73/0xa0 [ 59.459436] [] ? xfrm_get_policy+0x8c0/0x8c0 [ 59.465491] [] netlink_dump+0x76b/0xad0 [ 59.471112] [] __netlink_dump_start+0x4ca/0x750 [ 59.477423] [] ? __netlink_ns_capable+0xe2/0x130 [ 59.483821] [] xfrm_user_rcv_msg+0x556/0x630 [ 59.489875] [] ? xfrm_user_rcv_msg+0x630/0x630 [ 59.496101] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 59.502155] [] ? xfrm_user_rcv_msg+0x630/0x630 [ 59.508377] [] ? xfrm_get_policy+0x8c0/0x8c0 [ 59.514426] [] ? mark_held_locks+0xb1/0x100 [ 59.520391] [] ? xfrm_netlink_rcv+0x61/0x90 [ 59.526356] [] ? mutex_lock_nested+0x7dd/0xb80 04:41:35 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f000000a040)={'#! ', './file0', [{}], 0xa, "caa2192e"}, 0x10) 04:41:35 executing program 1: r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, r0, 0x0) 04:41:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3ea, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b40)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00\xc7\xbal&\x1e\xab\ry\xab0\xe6\f<\xed_\xee\xe6\x1b\xc9\xb0\t\x81\xac\x03\xa8s+\x8di\xb7V\xde\x15\xd3,\xb4\xeb\xcfwz\x1b\xac\xf8\xff\xbd\xe4\xa2\x84\v\x17\xf4*\x14\x83\r\xe2>*\xd4{\xdcH\x1b_\xab&\x98\x1b\xd7\x9b\xe9\xd7A\xe2\xc4\xfc\x03\xc9^\xb8\xd4Z\xee\x98', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x1a00, 0x297ef) 04:41:35 executing program 3: 04:41:35 executing program 3: [ 59.532587] [] ? trace_hardirqs_on_caller+0x385/0x5a0 [ 59.539420] [] ? mutex_lock_nested+0x645/0xb80 [ 59.545648] [] ? xfrm_netlink_rcv+0x61/0x90 [ 59.551616] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 59.558366] [] ? mutex_trylock+0x500/0x500 [ 59.564246] [] netlink_rcv_skb+0xd4/0x2e0 [ 59.570039] [] ? xfrm_dump_sa_done+0xa0/0xa0 [ 59.576090] [] xfrm_netlink_rcv+0x70/0x90 [ 59.581880] [] netlink_unicast+0x4d7/0x700 [ 59.587746] [] ? netlink_sendskb+0x60/0x60 [ 59.593608] [] netlink_sendmsg+0x6b6/0xc80 [ 59.599468] [] ? nlmsg_notify+0x170/0x170 [ 59.605243] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 59.611709] [] ? security_socket_sendmsg+0x8f/0xc0 [ 59.618262] [] ? nlmsg_notify+0x170/0x170 [ 59.624052] [] sock_sendmsg+0xbe/0x110 [ 59.629565] [] ___sys_sendmsg+0x769/0x890 [ 59.635338] [] ? copy_msghdr_from_user+0x550/0x550 [ 59.641904] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 59.648635] [] ? check_preemption_disabled+0x3c/0x200 [ 59.655453] [] ? check_preemption_disabled+0x3c/0x200 [ 59.662276] [] ? __fget+0x13b/0x370 [ 59.667573] [] ? __fget+0x162/0x370 [ 59.672827] [] ? __fget+0x47/0x370 [ 59.678006] [] ? __fget_light+0xa3/0x1f0 [ 59.683705] [] ? __fdget+0x1b/0x20 [ 59.688914] [] __sys_sendmsg+0xc5/0x160 [ 59.694515] [] ? SyS_shutdown+0x1a0/0x1a0 [ 59.700298] [] ? SyS_clock_gettime+0x118/0x1e0 [ 59.706595] [] ? SyS_clock_settime+0x220/0x220 [ 59.712847] [] SyS_sendmsg+0x2d/0x50 [ 59.718191] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 59.724739] Code: 00 ad de 4c 8b 01 49 39 c0 74 66 48 b8 00 02 00 00 00 00 ad de 48 39 c3 74 78 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 fb 00 00 00 48 8b 03 48 39 c8 75 74 49 8d 78 [ 59.751802] RIP [] __list_del_entry_valid+0x7c/0x1a0 [ 59.758660] RSP [ 59.762320] ---[ end trace 9c66cb21d123c8e1 ]--- [ 59.767125] Kernel panic - not syncing: Fatal exception in interrupt [ 59.774148] Kernel Offset: disabled [ 59.777755] Rebooting in 86400 seconds..