Extracting prog: 19m52.474306032s Minimizing prog: 10m58.776690344s Simplifying prog options: 0s Extracting C: 1m56.746816528s Simplifying C: 22m47.812792523s extracting reproducer from 45 programs testing a last program of every proc single: executing 10 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-sendmmsg$inet6-shutdown-setsockopt$inet_sctp6_SCTP_RTOINFO detailed listing: executing program 0: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000000)={0xa, 0x10, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000280)="18", 0x1}], 0x1}}], 0x1, 0x4000014) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000003c0)={0x0, 0x9, 0x1, 0xa04}, 0x10) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-setsockopt$SO_TIMESTAMP-connect$inet6-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/153, 0x99}], 0x1}, 0x9}], 0x1, 0x10000, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0xc001001b}]}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$audio-write-mmap$dsp-close detailed listing: executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) write(r0, &(0x7f0000000080)='i', 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) close(r0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_GSI_ROUTING detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_GSI_ROUTING detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): munmap-open-getdents detailed listing: executing program 0: munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-setsockopt$bt_BT_SECURITY-getsockopt$bt_l2cap_L2CAP_LM detailed listing: executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): munmap-open-getdents detailed listing: executing program 0: munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-setsockopt$bt_BT_SECURITY-getsockopt$bt_l2cap_L2CAP_LM detailed listing: executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) program did not crash single: failed to extract reproducer bisect: bisecting 45 programs with base timeout 30s testing program (duration=41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4] detailed listing: executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {0x0, r1, 0x1000000}}, 0x18) executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]}) syz_init_net_socket$llc(0x1a, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x0) r1 = dup(r0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r1, 0xc0245720, &(0x7f0000000040)={0x1}) executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0902000000000000000001000000050002000a00000014000700ff00000000000000000000000000000108000b00", @ANYRES8], 0x38}}, 0x0) executing program 1: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000040)={0xa9, 0x1, 0x9, 0x200, 0x1a, "3eccd2000500"}) executing program 3: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0xc0603d0f, &(0x7f0000000040)={{0x0, 0x20}}) executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5de00987f70e06d038e7ff7fc6e5539b0d650e8b089b3f353b68090890e0878f0e1ac6e7049b3b43959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8041800005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) executing program 3: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) connect$rose(r1, 0x0, 0x0) executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000) executing program 3: munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) executing program 32: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) executing program 33: munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) executing program 5: r0 = msgget$private(0x0, 0x204) msgsnd(r0, &(0x7f0000000080)={0x1}, 0x8, 0x800) msgrcv(r0, &(0x7f0000000100)={0x0, ""/47}, 0x37, 0x0, 0x5800) executing program 5: syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x16, &(0x7f00000002c0)=@string={0x16, 0x3, "3a482c9a15dd1f4319b13db58f5c4d6e6621010f"}}]}) r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="e0000000100009"], 0xe0}], 0x1}, 0x40040) executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18) utimensat(r0, 0x0, &(0x7f0000000880)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0) executing program 5: unshare(0x22020400) r0 = socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r0, 0x8c5d47e95537ac9b) executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) executing program 34: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) executing program 4: r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) read(r1, &(0x7f00000019c0)=""/4097, 0x1001) poll(&(0x7f0000000000)=[{r0, 0xd010}], 0x1, 0x9) executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r2}, 0x10) executing program 0: syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000003, 0x2) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$fuse(0x0, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x20000, 0x0) executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000340)={0x2}) executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000440)=0x2, 0x4) executing program 0: r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0xa1) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000019c0), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000001a00)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001a40)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) write(r0, &(0x7f0000000080)='i', 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0) close(r0) executing program 4: r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x41, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x1dc, 0x0, 0x7}]}) executing program 2: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/153, 0x99}], 0x1}, 0x9}], 0x1, 0x10000, 0x0) executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x20000300, 0x0, 0x2, 0x9, 0x0, 0x7}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000003c0)={@mcast1, 0x0, 0x0, 0x2, 0x1, 0x5, 0xb}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@dev={0xfe, 0x80, '\x00', 0x19}, 0x300, 0x0, 0x2, 0x2, 0x6, 0xb}, 0x20) executing program 6: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x9, "c46e9fd1a84b7fefa0bf2cca6beb9363a680b652a86bcf56a1b9f4e6b54cc6beca5462202c484c10ca5386103a5ccbe47b7b9aa6d8d701a3ba6a6c0ce8b978", 0x1}, 0x60) r1 = dup(r0) getpeername$unix(r1, 0x0, &(0x7f00000016c0)) executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f00000002c0)={0x1, r2, 0xbf67, 0x4, 0x7, 0x100}) executing program 2: r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, 0x0) executing program 6: r0 = socket(0xa, 0x3, 0x87) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x2f}, 0x40, r1}) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x8936, &(0x7f0000000000)) executing program 4: mount$fuse(0x0, 0x0, 0x0, 0x80, &(0x7f0000000040)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8}}]}}) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="4d01000000000000000100e50414090b0092000000000000005ee4cc040c1e5fcc2eae7fc0dacea9ed192143db2c8381a3e349d8", 0x43, 0x81, &(0x7f0000000340)={0x11, 0x0, r1, 0x1, 0xe, 0x6, @random="645bcc77540e"}, 0x14) executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) setresuid(0xee01, 0xee00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f00000016c0)={[0x1, 0x1000, 0x1, 0xd5d5c001], 0x89000000000000, 0x194}) executing program 6: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000001680)=[@register_looper], 0x0, 0x0, 0x0}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) executing program 6: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1, 0x8, 0x2, {}, {}, {0x2, 0x1, 0x1, 0x1}, 0x1, @can={{0x2, 0x1, 0x1, 0x1}, 0x1, 0x1, 0x0, 0x0, "68c76dee16687b11"}}, 0x48}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000) executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0xc001001b}]}) executing program 4: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/153, 0x99}], 0x1}, 0x9}], 0x1, 0x10000, 0x0) executing program 6: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000000)={0xa, 0x10, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000280)="18", 0x1}], 0x1}}], 0x1, 0x4000014) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000003c0)={0x0, 0x9, 0x1, 0xa04}, 0x10) program did not crash replaying the whole log did not cause a kernel crash single: executing 10 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-sendmmsg$inet6-shutdown-setsockopt$inet_sctp6_SCTP_RTOINFO detailed listing: executing program 0: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000000)={0xa, 0x10, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000280)="18", 0x1}], 0x1}}], 0x1, 0x4000014) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000003c0)={0x0, 0x9, 0x1, 0xa04}, 0x10) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-setsockopt$SO_TIMESTAMP-connect$inet6-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000400)=""/153, 0x99}], 0x1}, 0x9}], 0x1, 0x10000, 0x0) program crashed: general protection fault in rds_tcp_accept_one single: successfully extracted reproducer found reproducer with 4 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-setsockopt$SO_TIMESTAMP-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program crashed: general protection fault in rds_tcp_accept_one testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-setsockopt$SO_TIMESTAMP detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfff7fe00, 0x4) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program crashed: possible deadlock in inet6_getname testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): connect$inet6 detailed listing: executing program 0: connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: possible deadlock in inet6_getname testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program did not crash testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program did not crash testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program did not crash testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: general protection fault in rds_tcp_accept_one testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 program crashed: inconsistent lock state in lock_sock_nested a never seen crash title: inconsistent lock state in lock_sock_nested, ignore testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program crashed: inconsistent lock state in lock_sock_nested validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program crashed: general protection fault in rds_tcp_accept_one validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-connect$inet6 detailed listing: executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) program crashed: inconsistent lock state in lock_sock_nested validation run: crashed=true reproducing took 59m28.727539307s repro crashed as (corrupted=false): ================================ WARNING: inconsistent lock state syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. kworker/u8:7/3518 [HC0[0]:SC1[3]:HE1:SE0] takes: ffff888067bb51e0 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline] ffff888067bb51e0 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 lock_sock_nested+0x48/0x100 net/core/sock.c:3780 lock_sock include/net/sock.h:1709 [inline] tcp_sock_set_nodelay+0x2a/0x180 net/ipv4/tcp.c:3718 rds_tcp_listen_init+0x168/0x410 net/rds/tcp_listen.c:404 rds_tcp_init_net+0x154/0x380 net/rds/tcp.c:568 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137 __register_pernet_operations net/core/net_namespace.c:1312 [inline] register_pernet_operations+0x343/0x830 net/core/net_namespace.c:1389 register_pernet_device+0x2a/0x80 net/core/net_namespace.c:1476 rds_tcp_init+0xcf/0x170 net/rds/tcp.c:749 do_one_initcall+0x250/0x8d0 init/main.c:1382 do_initcall_level+0x104/0x190 init/main.c:1444 do_initcalls+0x59/0xa0 init/main.c:1460 kernel_init_freeable+0x2a6/0x3e0 init/main.c:1692 kernel_init+0x1d/0x1d0 init/main.c:1582 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 irq event stamp: 54204 hardirqs last enabled at (54204): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (54204): [] _raw_spin_unlock_irqrestore+0x30/0x80 kernel/locking/spinlock.c:194 hardirqs last disabled at (54203): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (54203): [] _raw_spin_lock_irqsave+0x1a/0x60 kernel/locking/spinlock.c:162 softirqs last enabled at (54114): [] local_bh_disable include/linux/bottom_half.h:20 [inline] softirqs last enabled at (54114): [] rcu_read_lock_bh include/linux/rcupdate.h:903 [inline] softirqs last enabled at (54114): [] __dev_queue_xmit+0x274/0x38a0 net/core/dev.c:4757 softirqs last disabled at (54115): [] do_softirq+0x76/0xd0 kernel/softirq.c:523 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(k-sk_lock-AF_INET6); lock(k-sk_lock-AF_INET6); *** DEADLOCK *** 12 locks held by kworker/u8:7/3518: #0: ffff888067b9b148 ((wq_completion)krds_cp_wq#0/0){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffffc9000bf7fc40 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650 kernel/workqueue.c:3255 #2: ffff888067bb5f20 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline] #2: ffff888067bb5f20 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0 net/ipv4/tcp.c:3694 #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: inet6_csk_xmit+0x1ee/0x750 net/ipv6/inet6_connection_sock.c:108 #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_xmit+0x2a1/0x1ac0 net/ipv6/ip6_output.c:287 #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235 #6: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: local_lock_acquire include/linux/local_lock_internal.h:46 [inline] #6: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 net/core/dev.c:6613 #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb_internal net/core/dev.c:6338 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb+0x102/0xc50 net/core/dev.c:6410 #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: nf_hook include/linux/netfilter.h:242 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 include/linux/netfilter.h:316 #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_input+0x23/0x270 net/ipv6/ip6_input.c:499 #10: ffff888067bb5160 (k-slock-AF_INET6/1){+.-.}-{3:3}, at: tcp_v6_rcv+0x269b/0x3110 net/ipv6/tcp_ipv6.c:1875 #11: ffff888067bb5388 (k-clock-AF_INET6){++.-}-{3:3}, at: rds_tcp_data_ready+0x113/0x9a0 net/rds/tcp_recv.c:320 stack backtrace: CPU: 0 UID: 0 PID: 3518 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: krds_cp_wq#0/0 rds_send_worker Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042 valid_state kernel/locking/lockdep.c:4056 [inline] mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753 mark_usage kernel/locking/lockdep.c:-1 [inline] __lock_acquire+0x689/0x2cf0 kernel/locking/lockdep.c:5191 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 lock_sock_nested+0x48/0x100 net/core/sock.c:3780 lock_sock include/net/sock.h:1709 [inline] inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 rds_tcp_get_peer_sport net/rds/tcp_listen.c:70 [inline] rds_tcp_conn_slots_available+0x288/0x470 net/rds/tcp_listen.c:149 rds_recv_hs_exthdrs+0x60f/0x7c0 net/rds/recv.c:265 rds_recv_incoming+0x9f6/0x12d0 net/rds/recv.c:389 rds_tcp_data_recv+0x7f1/0xa40 net/rds/tcp_recv.c:243 __tcp_read_sock+0x196/0x970 net/ipv4/tcp.c:1702 rds_tcp_read_sock net/rds/tcp_recv.c:277 [inline] rds_tcp_data_ready+0x369/0x9a0 net/rds/tcp_recv.c:331 tcp_rcv_established+0x19f4/0x2740 net/ipv4/tcp_input.c:6675 tcp_v6_do_rcv+0x8eb/0x1ba0 net/ipv6/tcp_ipv6.c:1609 tcp_v6_rcv+0x2811/0x3110 net/ipv6/tcp_ipv6.c:1879 ip6_protocol_deliver_rcu+0xa73/0x1600 net/ipv6/ip6_input.c:438 ip6_input_finish+0x191/0x370 net/ipv6/ip6_input.c:489 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318 ip6_input+0x16a/0x270 net/ipv6/ip6_input.c:500 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316 __netif_receive_skb_one_core net/core/dev.c:6152 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x278/0xc50 net/core/dev.c:6410 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:319 br_handle_frame_finish+0x14b2/0x1b40 net/bridge/br_input.c:-1 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:291 [inline] br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] process_backlog+0x76d/0x1950 net/core/dev.c:6617 __napi_poll+0xae/0x340 net/core/dev.c:7681 napi_poll net/core/dev.c:7744 [inline] net_rx_action+0x627/0xf70 net/core/dev.c:7896 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1e6c/0x38a0 net/core/dev.c:4859 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ip6_xmit+0x10f9/0x1ac0 net/ipv6/ip6_output.c:372 inet6_csk_xmit+0x4a5/0x750 net/ipv6/inet6_connection_sock.c:114 __tcp_transmit_skb+0x249b/0x43e0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x16e8/0x6980 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0x97/0x380 net/ipv4/tcp_output.c:3247 tcp_push_pending_frames include/net/tcp.h:2276 [inline] __tcp_sock_set_cork net/ipv4/tcp.c:3688 [inline] tcp_sock_set_cork+0x186/0x2e0 net/ipv4/tcp.c:3695 rds_send_xmit+0x207e/0x28d0 net/rds/send.c:480 rds_send_worker+0x7d/0x2e0 net/rds/threads.c:200 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 BUG: sleeping function called from invalid context at net/core/sock.c:3782 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3518, name: kworker/u8:7 preempt_count: 303, expected: 0 RCU nest depth: 7, expected: 0 INFO: lockdep is turned off. Preemption disabled at: [] local_bh_disable include/linux/bottom_half.h:20 [inline] [] rcu_read_lock_bh include/linux/rcupdate.h:903 [inline] [] __dev_queue_xmit+0x281/0x38a0 net/core/dev.c:4757 CPU: 0 UID: 0 PID: 3518 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: krds_cp_wq#0/0 rds_send_worker Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 __might_resched+0x378/0x4d0 kernel/sched/core.c:8884 lock_sock_nested+0x5d/0x100 net/core/sock.c:3782 lock_sock include/net/sock.h:1709 [inline] inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 rds_tcp_get_peer_sport net/rds/tcp_listen.c:70 [inline] rds_tcp_conn_slots_available+0x288/0x470 net/rds/tcp_listen.c:149 rds_recv_hs_exthdrs+0x60f/0x7c0 net/rds/recv.c:265 rds_recv_incoming+0x9f6/0x12d0 net/rds/recv.c:389 rds_tcp_data_recv+0x7f1/0xa40 net/rds/tcp_recv.c:243 __tcp_read_sock+0x196/0x970 net/ipv4/tcp.c:1702 rds_tcp_read_sock net/rds/tcp_recv.c:277 [inline] rds_tcp_data_ready+0x369/0x9a0 net/rds/tcp_recv.c:331 tcp_rcv_established+0x19f4/0x2740 net/ipv4/tcp_input.c:6675 tcp_v6_do_rcv+0x8eb/0x1ba0 net/ipv6/tcp_ipv6.c:1609 tcp_v6_rcv+0x2811/0x3110 net/ipv6/tcp_ipv6.c:1879 ip6_protocol_deliver_rcu+0xa73/0x1600 net/ipv6/ip6_input.c:438 ip6_input_finish+0x191/0x370 net/ipv6/ip6_input.c:489 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318 ip6_input+0x16a/0x270 net/ipv6/ip6_input.c:500 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316 __netif_receive_skb_one_core net/core/dev.c:6152 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x278/0xc50 net/core/dev.c:6410 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:319 br_handle_frame_finish+0x14b2/0x1b40 net/bridge/br_input.c:-1 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:291 [inline] br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] process_backlog+0x76d/0x1950 net/core/dev.c:6617 __napi_poll+0xae/0x340 net/core/dev.c:7681 napi_poll net/core/dev.c:7744 [inline] net_rx_action+0x627/0xf70 net/core/dev.c:7896 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1e6c/0x38a0 net/core/dev.c:4859 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ip6_xmit+0x10f9/0x1ac0 net/ipv6/ip6_output.c:372 inet6_csk_xmit+0x4a5/0x750 net/ipv6/inet6_connection_sock.c:114 __tcp_transmit_skb+0x249b/0x43e0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x16e8/0x6980 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0x97/0x380 net/ipv4/tcp_output.c:3247 tcp_push_pending_frames include/net/tcp.h:2276 [inline] __tcp_sock_set_cork net/ipv4/tcp.c:3688 [inline] tcp_sock_set_cork+0x186/0x2e0 net/ipv4/tcp.c:3695 rds_send_xmit+0x207e/0x28d0 net/rds/send.c:480 rds_send_worker+0x7d/0x2e0 net/rds/threads.c:200 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 final repro crashed as (corrupted=false): ================================ WARNING: inconsistent lock state syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. kworker/u8:7/3518 [HC0[0]:SC1[3]:HE1:SE0] takes: ffff888067bb51e0 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline] ffff888067bb51e0 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 lock_sock_nested+0x48/0x100 net/core/sock.c:3780 lock_sock include/net/sock.h:1709 [inline] tcp_sock_set_nodelay+0x2a/0x180 net/ipv4/tcp.c:3718 rds_tcp_listen_init+0x168/0x410 net/rds/tcp_listen.c:404 rds_tcp_init_net+0x154/0x380 net/rds/tcp.c:568 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137 __register_pernet_operations net/core/net_namespace.c:1312 [inline] register_pernet_operations+0x343/0x830 net/core/net_namespace.c:1389 register_pernet_device+0x2a/0x80 net/core/net_namespace.c:1476 rds_tcp_init+0xcf/0x170 net/rds/tcp.c:749 do_one_initcall+0x250/0x8d0 init/main.c:1382 do_initcall_level+0x104/0x190 init/main.c:1444 do_initcalls+0x59/0xa0 init/main.c:1460 kernel_init_freeable+0x2a6/0x3e0 init/main.c:1692 kernel_init+0x1d/0x1d0 init/main.c:1582 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 irq event stamp: 54204 hardirqs last enabled at (54204): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (54204): [] _raw_spin_unlock_irqrestore+0x30/0x80 kernel/locking/spinlock.c:194 hardirqs last disabled at (54203): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (54203): [] _raw_spin_lock_irqsave+0x1a/0x60 kernel/locking/spinlock.c:162 softirqs last enabled at (54114): [] local_bh_disable include/linux/bottom_half.h:20 [inline] softirqs last enabled at (54114): [] rcu_read_lock_bh include/linux/rcupdate.h:903 [inline] softirqs last enabled at (54114): [] __dev_queue_xmit+0x274/0x38a0 net/core/dev.c:4757 softirqs last disabled at (54115): [] do_softirq+0x76/0xd0 kernel/softirq.c:523 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(k-sk_lock-AF_INET6); lock(k-sk_lock-AF_INET6); *** DEADLOCK *** 12 locks held by kworker/u8:7/3518: #0: ffff888067b9b148 ((wq_completion)krds_cp_wq#0/0){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffffc9000bf7fc40 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650 kernel/workqueue.c:3255 #2: ffff888067bb5f20 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline] #2: ffff888067bb5f20 (k-sk_lock-AF_INET6){+.?.}-{0:0}, at: tcp_sock_set_cork+0x2c/0x2e0 net/ipv4/tcp.c:3694 #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #3: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: inet6_csk_xmit+0x1ee/0x750 net/ipv6/inet6_connection_sock.c:108 #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #4: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_xmit+0x2a1/0x1ac0 net/ipv6/ip6_output.c:287 #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #5: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235 #6: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: local_lock_acquire include/linux/local_lock_internal.h:46 [inline] #6: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 net/core/dev.c:6613 #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb_internal net/core/dev.c:6338 [inline] #7: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb+0x102/0xc50 net/core/dev.c:6410 #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: nf_hook include/linux/netfilter.h:242 [inline] #8: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 include/linux/netfilter.h:316 #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #9: ffffffff8e960320 (rcu_read_lock){....}-{1:3}, at: ip6_input+0x23/0x270 net/ipv6/ip6_input.c:499 #10: ffff888067bb5160 (k-slock-AF_INET6/1){+.-.}-{3:3}, at: tcp_v6_rcv+0x269b/0x3110 net/ipv6/tcp_ipv6.c:1875 #11: ffff888067bb5388 (k-clock-AF_INET6){++.-}-{3:3}, at: rds_tcp_data_ready+0x113/0x9a0 net/rds/tcp_recv.c:320 stack backtrace: CPU: 0 UID: 0 PID: 3518 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: krds_cp_wq#0/0 rds_send_worker Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042 valid_state kernel/locking/lockdep.c:4056 [inline] mark_lock_irq+0x410/0x420 kernel/locking/lockdep.c:-1 mark_lock+0x115/0x190 kernel/locking/lockdep.c:4753 mark_usage kernel/locking/lockdep.c:-1 [inline] __lock_acquire+0x689/0x2cf0 kernel/locking/lockdep.c:5191 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 lock_sock_nested+0x48/0x100 net/core/sock.c:3780 lock_sock include/net/sock.h:1709 [inline] inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 rds_tcp_get_peer_sport net/rds/tcp_listen.c:70 [inline] rds_tcp_conn_slots_available+0x288/0x470 net/rds/tcp_listen.c:149 rds_recv_hs_exthdrs+0x60f/0x7c0 net/rds/recv.c:265 rds_recv_incoming+0x9f6/0x12d0 net/rds/recv.c:389 rds_tcp_data_recv+0x7f1/0xa40 net/rds/tcp_recv.c:243 __tcp_read_sock+0x196/0x970 net/ipv4/tcp.c:1702 rds_tcp_read_sock net/rds/tcp_recv.c:277 [inline] rds_tcp_data_ready+0x369/0x9a0 net/rds/tcp_recv.c:331 tcp_rcv_established+0x19f4/0x2740 net/ipv4/tcp_input.c:6675 tcp_v6_do_rcv+0x8eb/0x1ba0 net/ipv6/tcp_ipv6.c:1609 tcp_v6_rcv+0x2811/0x3110 net/ipv6/tcp_ipv6.c:1879 ip6_protocol_deliver_rcu+0xa73/0x1600 net/ipv6/ip6_input.c:438 ip6_input_finish+0x191/0x370 net/ipv6/ip6_input.c:489 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318 ip6_input+0x16a/0x270 net/ipv6/ip6_input.c:500 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316 __netif_receive_skb_one_core net/core/dev.c:6152 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x278/0xc50 net/core/dev.c:6410 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:319 br_handle_frame_finish+0x14b2/0x1b40 net/bridge/br_input.c:-1 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:291 [inline] br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] process_backlog+0x76d/0x1950 net/core/dev.c:6617 __napi_poll+0xae/0x340 net/core/dev.c:7681 napi_poll net/core/dev.c:7744 [inline] net_rx_action+0x627/0xf70 net/core/dev.c:7896 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1e6c/0x38a0 net/core/dev.c:4859 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ip6_xmit+0x10f9/0x1ac0 net/ipv6/ip6_output.c:372 inet6_csk_xmit+0x4a5/0x750 net/ipv6/inet6_connection_sock.c:114 __tcp_transmit_skb+0x249b/0x43e0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x16e8/0x6980 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0x97/0x380 net/ipv4/tcp_output.c:3247 tcp_push_pending_frames include/net/tcp.h:2276 [inline] __tcp_sock_set_cork net/ipv4/tcp.c:3688 [inline] tcp_sock_set_cork+0x186/0x2e0 net/ipv4/tcp.c:3695 rds_send_xmit+0x207e/0x28d0 net/rds/send.c:480 rds_send_worker+0x7d/0x2e0 net/rds/threads.c:200 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 BUG: sleeping function called from invalid context at net/core/sock.c:3782 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3518, name: kworker/u8:7 preempt_count: 303, expected: 0 RCU nest depth: 7, expected: 0 INFO: lockdep is turned off. Preemption disabled at: [] local_bh_disable include/linux/bottom_half.h:20 [inline] [] rcu_read_lock_bh include/linux/rcupdate.h:903 [inline] [] __dev_queue_xmit+0x281/0x38a0 net/core/dev.c:4757 CPU: 0 UID: 0 PID: 3518 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 Workqueue: krds_cp_wq#0/0 rds_send_worker Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 __might_resched+0x378/0x4d0 kernel/sched/core.c:8884 lock_sock_nested+0x5d/0x100 net/core/sock.c:3782 lock_sock include/net/sock.h:1709 [inline] inet6_getname+0x15d/0x650 net/ipv6/af_inet6.c:533 rds_tcp_get_peer_sport net/rds/tcp_listen.c:70 [inline] rds_tcp_conn_slots_available+0x288/0x470 net/rds/tcp_listen.c:149 rds_recv_hs_exthdrs+0x60f/0x7c0 net/rds/recv.c:265 rds_recv_incoming+0x9f6/0x12d0 net/rds/recv.c:389 rds_tcp_data_recv+0x7f1/0xa40 net/rds/tcp_recv.c:243 __tcp_read_sock+0x196/0x970 net/ipv4/tcp.c:1702 rds_tcp_read_sock net/rds/tcp_recv.c:277 [inline] rds_tcp_data_ready+0x369/0x9a0 net/rds/tcp_recv.c:331 tcp_rcv_established+0x19f4/0x2740 net/ipv4/tcp_input.c:6675 tcp_v6_do_rcv+0x8eb/0x1ba0 net/ipv6/tcp_ipv6.c:1609 tcp_v6_rcv+0x2811/0x3110 net/ipv6/tcp_ipv6.c:1879 ip6_protocol_deliver_rcu+0xa73/0x1600 net/ipv6/ip6_input.c:438 ip6_input_finish+0x191/0x370 net/ipv6/ip6_input.c:489 NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318 ip6_input+0x16a/0x270 net/ipv6/ip6_input.c:500 ip_sabotage_in+0x1e1/0x270 net/bridge/br_netfilter_hooks.c:990 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623 nf_hook include/linux/netfilter.h:273 [inline] NF_HOOK+0x21f/0x3c0 include/linux/netfilter.h:316 __netif_receive_skb_one_core net/core/dev.c:6152 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x278/0xc50 net/core/dev.c:6410 NF_HOOK+0xa4/0x3a0 include/linux/netfilter.h:319 br_handle_frame_finish+0x14b2/0x1b40 net/bridge/br_input.c:-1 br_nf_hook_thresh+0x3dd/0x4c0 net/bridge/br_netfilter_hooks.c:-1 br_nf_pre_routing_finish_ipv6+0xa3a/0xd70 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x374/0x6f0 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:291 [inline] br_handle_frame+0x1277/0x1510 net/bridge/br_input.c:442 __netif_receive_skb_core+0x98f/0x31a0 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb net/core/dev.c:6265 [inline] process_backlog+0x76d/0x1950 net/core/dev.c:6617 __napi_poll+0xae/0x340 net/core/dev.c:7681 napi_poll net/core/dev.c:7744 [inline] net_rx_action+0x627/0xf70 net/core/dev.c:7896 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1e6c/0x38a0 net/core/dev.c:4859 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK include/linux/netfilter.h:318 [inline] ip6_xmit+0x10f9/0x1ac0 net/ipv6/ip6_output.c:372 inet6_csk_xmit+0x4a5/0x750 net/ipv6/inet6_connection_sock.c:114 __tcp_transmit_skb+0x249b/0x43e0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x16e8/0x6980 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0x97/0x380 net/ipv4/tcp_output.c:3247 tcp_push_pending_frames include/net/tcp.h:2276 [inline] __tcp_sock_set_cork net/ipv4/tcp.c:3688 [inline] tcp_sock_set_cork+0x186/0x2e0 net/ipv4/tcp.c:3695 rds_send_xmit+0x207e/0x28d0 net/rds/send.c:480 rds_send_worker+0x7d/0x2e0 net/rds/threads.c:200 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245