Warning: Permanently added '[localhost]:54123' (ECDSA) to the list of known hosts.
2019/12/25 14:05:54 fuzzer started
2019/12/25 14:05:56 dialing manager at 10.0.2.10:41933
2019/12/25 14:05:56 syscalls: 2682
2019/12/25 14:05:56 code coverage: enabled
2019/12/25 14:05:56 comparison tracing: enabled
2019/12/25 14:05:56 extra coverage: enabled
2019/12/25 14:05:56 setuid sandbox: enabled
2019/12/25 14:05:56 namespace sandbox: enabled
2019/12/25 14:05:56 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/25 14:05:56 fault injection: enabled
2019/12/25 14:05:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/25 14:05:56 net packet injection: enabled
2019/12/25 14:05:56 net device setup: enabled
2019/12/25 14:05:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/25 14:05:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
14:06:29 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r1, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00\x88\x8b\xe7\xbe\xc7\bD\xe5!\xc1\xaf\x05\xaaz6\xd7w \x00\x00\x00Q*\xe7ap\xfc\xfe\xf9-St\xaa\t\x8a\xb3\x04\a\vMZ\xfd\xf6\x1c\xd0j\x01S\xf4r\xd7\xeed\v\x82\xb7\x7f\xf5\x13+\xbb\xae\x1dp7-\x10\xc5\xad\x11\xb1\x88E\xae9}\xfa.\xae\xa6E')
sendfile(r0, r4, 0x0, 0x929c)

14:06:30 executing program 1:
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8)
r1 = gettid()
tkill(r1, 0x1b)
r2 = getpid()
rt_tgsigqueueinfo(r2, r0, 0x22, &(0x7f0000000240))
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
read(r3, &(0x7f00000001c0)=""/128, 0x614)

14:06:30 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x18, 0x16, 0x1, 0x0, 0x0, {0x1}, [@nested={0x4, 0x83}]}, 0x18}}, 0x0)

syzkaller login: [  178.051412][ T8005] IPVS: ftp: loaded support on port[0] = 21
[  178.087623][ T8007] IPVS: ftp: loaded support on port[0] = 21
[  178.248234][ T8009] IPVS: ftp: loaded support on port[0] = 21
14:06:30 executing program 3:
r0 = socket(0x2, 0x3, 0x100000001)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendto(r0, &(0x7f0000000600)="0400", 0x2, 0x8002, 0x0, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}}, 0x38)

[  178.528122][ T8005] chnl_net:caif_netlink_parms(): no params data found
[  178.586424][ T8011] IPVS: ftp: loaded support on port[0] = 21
[  178.692880][ T8009] chnl_net:caif_netlink_parms(): no params data found
[  178.729158][ T8005] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.740755][ T8005] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.753678][ T8005] device bridge_slave_0 entered promiscuous mode
[  178.782234][ T8007] chnl_net:caif_netlink_parms(): no params data found
[  178.808745][ T8005] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.822167][ T8005] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.836145][ T8005] device bridge_slave_1 entered promiscuous mode
[  178.887208][ T8005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  178.921979][ T8005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  178.944291][ T8009] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.957319][ T8009] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.972425][ T8009] device bridge_slave_0 entered promiscuous mode
[  178.986473][ T8009] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.995871][ T8009] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.005730][ T8009] device bridge_slave_1 entered promiscuous mode
[  179.025594][ T8007] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.036235][ T8007] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.053432][ T8007] device bridge_slave_0 entered promiscuous mode
[  179.077162][ T8005] team0: Port device team_slave_0 added
[  179.085343][ T8007] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.094079][ T8007] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.104463][ T8007] device bridge_slave_1 entered promiscuous mode
[  179.121874][ T8009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.137231][ T8009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.150921][ T8005] team0: Port device team_slave_1 added
[  179.194838][ T8007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.254120][ T8005] device hsr_slave_0 entered promiscuous mode
[  179.321992][ T8005] device hsr_slave_1 entered promiscuous mode
[  179.394733][ T8009] team0: Port device team_slave_0 added
[  179.414809][ T8009] team0: Port device team_slave_1 added
[  179.426897][ T8007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  179.456135][ T8011] chnl_net:caif_netlink_parms(): no params data found
[  179.496137][ T8007] team0: Port device team_slave_0 added
[  179.517143][ T8007] team0: Port device team_slave_1 added
[  179.623664][ T8009] device hsr_slave_0 entered promiscuous mode
[  179.721095][ T8009] device hsr_slave_1 entered promiscuous mode
[  179.790778][ T8009] debugfs: Directory 'hsr0' with parent '/' already present!
[  179.811056][ T8011] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.820210][ T8011] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.830198][ T8011] device bridge_slave_0 entered promiscuous mode
[  179.846299][ T8011] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.856058][ T8011] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.865900][ T8011] device bridge_slave_1 entered promiscuous mode
[  179.983478][ T8007] device hsr_slave_0 entered promiscuous mode
[  180.040989][ T8007] device hsr_slave_1 entered promiscuous mode
[  180.120932][ T8007] debugfs: Directory 'hsr0' with parent '/' already present!
[  180.143615][ T8011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.160239][ T8011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.183908][ T8005] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  180.244157][ T8005] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  180.306204][ T8005] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  180.364082][ T8011] team0: Port device team_slave_0 added
[  180.378776][ T8011] team0: Port device team_slave_1 added
[  180.395516][ T8009] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  180.473558][ T8005] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  180.573820][ T8009] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  180.773037][ T8011] device hsr_slave_0 entered promiscuous mode
[  180.840994][ T8011] device hsr_slave_1 entered promiscuous mode
[  180.900737][ T8011] debugfs: Directory 'hsr0' with parent '/' already present!
[  180.909828][ T8009] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  180.982833][ T8009] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  181.042718][ T8007] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  181.156148][ T8007] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  181.242602][ T8007] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  181.312893][ T8007] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  181.422989][ T8011] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  181.505328][ T8011] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  181.593157][ T8011] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  181.682784][ T8011] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  181.847580][ T8005] 8021q: adding VLAN 0 to HW filter on device bond0
[  181.916641][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  181.934920][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  181.960109][ T8009] 8021q: adding VLAN 0 to HW filter on device bond0
[  181.979135][ T8005] 8021q: adding VLAN 0 to HW filter on device team0
[  182.006598][ T8011] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.039502][ T8007] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.054836][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.071440][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.085447][ T3396] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.097203][ T3396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.128740][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  182.144775][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  182.158981][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  182.176476][ T3396] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.187721][ T3396] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.201504][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  182.212448][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  182.224866][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  182.254435][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  182.269758][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  182.283570][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  182.296245][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  182.309846][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  182.326594][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  182.342590][ T8011] 8021q: adding VLAN 0 to HW filter on device team0
[  182.359425][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  182.373585][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  182.391227][ T8007] 8021q: adding VLAN 0 to HW filter on device team0
[  182.406570][ T8009] 8021q: adding VLAN 0 to HW filter on device team0
[  182.437324][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  182.456728][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  182.475690][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.493661][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.515120][ T2584] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.530918][ T2584] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.547869][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  182.571534][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  182.595295][ T2584] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.619219][ T2584] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.639677][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  182.664010][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  182.686167][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  182.716344][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  182.746309][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  182.768201][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  182.789214][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  182.810041][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  182.831543][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.849058][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.867548][ T3396] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.881178][ T3396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.902073][ T8005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  182.918950][ T8005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  182.929633][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  182.942125][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.954369][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.974594][ T3396] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.989176][ T3396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.008041][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.023243][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  183.038173][ T3396] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.051902][ T3396] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.062622][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.077800][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.091176][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.106073][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.121993][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.135042][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  183.148831][ T3396] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.159849][ T3396] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.172982][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  183.183820][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.198669][ T3396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.239347][ T8011] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  183.258868][ T8011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.274945][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  183.288665][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  183.300961][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  183.315058][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  183.327544][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.352707][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.374082][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.398258][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.414719][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.429702][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.450297][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  183.486015][ T8009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  183.518487][ T8009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.549866][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.579023][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.594689][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  183.628275][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  183.641364][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  183.651960][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  183.672541][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  183.687415][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  183.703345][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  183.720483][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  183.735973][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  183.754123][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  183.766808][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  183.780372][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.795149][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  183.811081][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.833434][ T8007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  183.849833][ T8011] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.864599][ T3873] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  183.889496][ T8005] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.903677][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  183.923540][ T2584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  183.952043][ T8009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.986222][ T8007] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.004247][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  184.019629][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
14:06:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x400, &(0x7f0000000080)=0x2)
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="24000000220007031dfffd946f610500000000000543000000000000421ba3a20400ff", 0x23}], 0x1}, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
r6 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r6, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f00000000c0)='netdevsim0\x00')
sendmmsg$alg(r5, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0)

14:06:36 executing program 1:
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8)
r1 = gettid()
tkill(r1, 0x1b)
r2 = getpid()
rt_tgsigqueueinfo(r2, r0, 0x22, &(0x7f0000000240))
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
read(r3, &(0x7f00000001c0)=""/128, 0x614)

14:06:36 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200), 0x88)
sendto$inet(r0, &(0x7f0000000640)="e046385738d0b6e2f17050c3002a9fe3e2f4bbc226e39bf35204d275a8fadde37aab3905bbacaf04d57fb246d660ea69d755b5fa4e9dcdda9919e7cfdd2fd6f2ffd8ca8b450d8b0646e2d9363d42c096c630e57a2bfd2c36cec695821437e9d3554f3eb5c048236b4b4adb7e302a1588fa2daa0101000000000000f38fe3b4bded81207efe8fd987bd3b2cc76b79deb96df13c5456630d4cfb858f6dbcdd4f199a5164ba2fde0014d7f98d9251bbc07bca2b6710308dddc540dfb44b0f9a5f27d73e1c33d091ce5c7f8e57291112231b051a2af634f381203b6b98cb0c0a1291bd094e861061a5a7cd4777d447690e4ce2c07c13e8be18014070681395d0b0c385e39ce7d422637255c6d13229f280b57064ba62d52e7bfe695f75de4854fdef56f93ca9d237175aa0197b0e6850bd4158666d28006da6a35362b29ed6895507ab4064c7fcece12dfb9411b1274080915c0d3a124ae1b77be2d7c8c9c86c4d7a7589d7fc9c922ac84b411d0c219816f586b6fc7d2452ff4c5eb64f913598968cfae6f30fb0dc0ee08865739ed8aef27a1d973860531ae8a8c5dd6263e690a5be08e6732a2d526a6455ab9a9fcd36140462021416cc8d43c5b09215d8e4c221ea58fc6974edb8e258c738811f523b25c3d94c91b7d080b5466cbe699b2123cac02430e01d4b57c0dc794268f9b172694745678fcc68c569d01e821113d76b090ac0740cd35f82bfc027bfd500904bc62e260dc9d60d1545396141cff61bf720d5aff18c58278cc2778eae68f3ead53a4adae3b68c5344c3a982939d84661a042622fc9414ee873a78548299340d8fdef879802c636400"/611, 0xffffffffffffffe3, 0x404c001, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4000000000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c5602067fffffff81000000000000dca87086a5c000004f6400940005891550f4a8000000006700008000f0fffeffff09000080fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1)

14:06:36 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001440)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x2200cf7d, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
sendmsg$inet(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000180)="b851", 0x2}], 0x1}, 0x140000c9)
recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000002540)=""/4107, 0x100b}], 0x1}, 0x0)

14:06:36 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = msgget$private(0x0, 0x0)
msgsnd(r3, &(0x7f0000000080)=ANY=[], 0x0, 0x0)
msgrcv(r3, &(0x7f0000000000)={0x0, ""/6}, 0xe, 0x2, 0x3800)

14:06:36 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = msgget$private(0x0, 0x0)
msgsnd(r3, &(0x7f0000000080)=ANY=[], 0x0, 0x0)
msgrcv(r3, &(0x7f0000000000)={0x0, ""/6}, 0xe, 0x2, 0x3800)

14:06:36 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f3, &(0x7f0000000140)='sit0\x00')

14:06:36 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = msgget$private(0x0, 0x0)
msgsnd(r3, &(0x7f0000000080)=ANY=[], 0x0, 0x0)
msgrcv(r3, &(0x7f0000000000)={0x0, ""/6}, 0xe, 0x2, 0x3800)

14:06:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="ff3e6808e92b7abafc47d822996f60e4"}, 0x1c)
sendmmsg(r2, &(0x7f0000006d00), 0x1eb, 0x0)

14:06:36 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shutdown(0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6)
dup(r0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x800448d2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x6c00000000000000)
perf_event_open(&(0x7f0000000040)={0x2, 0x75, 0xee67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6)
dup(0xffffffffffffffff)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r2)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00')
umount2(&(0x7f0000000540)='./file0\x00', 0x4)

[  184.867877][    C0] hrtimer: interrupt took 34511 ns
14:06:37 executing program 0:

14:06:37 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = msgget$private(0x0, 0x0)
msgsnd(r3, &(0x7f0000000080)=ANY=[], 0x0, 0x0)
msgrcv(r3, &(0x7f0000000000)={0x0, ""/6}, 0xe, 0x2, 0x3800)

14:06:37 executing program 2:
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24)
sendmmsg(0xffffffffffffffff, &(0x7f0000005c00)=[{{0x0, 0x8000000, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="100000001001000001000000ed58696d81c295beba33004e85d76029cabd3be24ff30d8a9a5e587ecb7859211e2f50688d9d189b2b750664c11478ef7edf0b5f5c0ccf407a74db88d55ca7251f02706d4d115ddb9189cf91b56270f48f6c0c786328ded2ca80484ae6d64cd31205a814c8c23e00c81d051672e5468353c087be40f552f142c26c885c819ea68da3dd2b447210474e17e4802a98513da13ccd8d0dca9b2a82e14259de5cc7af5e1e51f8"], 0x10}}], 0x2, 0x0)
sendmmsg(r0, &(0x7f0000005c00), 0x17c1ea0c475f298, 0x4009890)
close(r0)

14:06:37 executing program 2:
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24)
sendmmsg(0xffffffffffffffff, &(0x7f0000005c00)=[{{0x0, 0x8000000, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="100000001001000001000000ed58696d81c295beba33004e85d76029cabd3be24ff30d8a9a5e587ecb7859211e2f50688d9d189b2b750664c11478ef7edf0b5f5c0ccf407a74db88d55ca7251f02706d4d115ddb9189cf91b56270f48f6c0c786328ded2ca80484ae6d64cd31205a814c8c23e00c81d051672e5468353c087be40f552f142c26c885c819ea68da3dd2b447210474e17e4802a98513da13ccd8d0dca9b2a82e14259de5cc7af5e1e51f8"], 0x10}}], 0x2, 0x0)
sendmmsg(r0, &(0x7f0000005c00), 0x17c1ea0c475f298, 0x4009890)
close(r0)

14:06:37 executing program 0:
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24)
sendmmsg(0xffffffffffffffff, &(0x7f0000005c00)=[{{0x0, 0x8000000, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="100000001001000001000000ed58696d81c295beba33004e85d76029cabd3be24ff30d8a9a5e587ecb7859211e2f50688d9d189b2b750664c11478ef7edf0b5f5c0ccf407a74db88d55ca7251f02706d4d115ddb9189cf91b56270f48f6c0c786328ded2ca80484ae6d64cd31205a814c8c23e00c81d051672e5468353c087be40f552f142c26c885c819ea68da3dd2b447210474e17e4802a98513da13ccd8d0dca9b2a82e14259de5cc7af5e1e51f8"], 0x10}}], 0x2, 0x0)
sendmmsg(r0, &(0x7f0000005c00), 0x17c1ea0c475f298, 0x4009890)
close(r0)

14:06:37 executing program 1:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = msgget$private(0x0, 0x0)
msgrcv(r3, &(0x7f0000000000)={0x0, ""/6}, 0xe, 0x2, 0x3800)

[  204.523188][   T18] ------------[ cut here ]------------
[  204.553319][   T18] AppArmor WARN aa_sock_msg_perm: ((!sock)): 
[  204.555286][   T18] WARNING: CPU: 1 PID: 18 at security/apparmor/lsm.c:933 aa_sock_msg_perm.isra.0+0xdd/0x170
[  204.562722][   T18] Kernel panic - not syncing: panic_on_warn set ...
[  204.562722][   T18] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 5.5.0-rc3-syzkaller #0
[  204.562722][   T18] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  204.562722][   T18] Workqueue: krxrpcd rxrpc_peer_keepalive_worker
[  204.562722][   T18] Call Trace:
[  204.872919][   T18]  dump_stack+0x197/0x210
[  204.872919][   T18]  ? aa_sock_msg_perm.isra.0+0xa0/0x170
[  204.872919][   T18]  panic+0x2e3/0x75c
[  204.872919][   T18]  ? add_taint.cold+0x16/0x16
[  204.872919][   T18]  ? __kasan_check_write+0x14/0x20
[  205.004729][   T18]  ? __warn.cold+0x14/0x3e
[  205.004729][   T18]  ? __warn+0xd9/0x1cf
[  205.004729][   T18]  ? aa_sock_msg_perm.isra.0+0xdd/0x170
[  205.004729][   T18]  __warn.cold+0x2f/0x3e
[  205.004729][   T18]  ? aa_sock_msg_perm.isra.0+0xdd/0x170
[  205.004729][   T18]  report_bug+0x289/0x300
[  205.004729][   T18]  do_error_trap+0x11b/0x200
[  205.004729][   T18]  do_invalid_op+0x37/0x50
[  205.004729][   T18]  ? aa_sock_msg_perm.isra.0+0xdd/0x170
[  205.004729][   T18]  invalid_op+0x23/0x30
[  205.004729][   T18] RIP: 0010:aa_sock_msg_perm.isra.0+0xdd/0x170
[  205.004729][   T18] Code: 89 ef e8 66 70 03 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 c6 c3 17 fe 48 c7 c6 e0 56 6a 88 48 c7 c7 20 41 6a 88 e8 22 6b e8 fd <0f> 0b e9 43 ff ff ff e8 a7 c3 17 fe 48 c7 c6 e0 56 6a 88 48 c7 c7
[  205.004729][   T18] RSP: 0018:ffffc900004cf9b0 EFLAGS: 00010286
[  205.004729][   T18] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  205.004729][   T18] RDX: 0000000000000000 RSI: ffffffff815e8b56 RDI: fffff52000099f28
[  205.004729][   T18] RBP: ffffc900004cf9d8 R08: ffff88802c6785c0 R09: fffffbfff1659bcc
[  205.004729][   T18] R10: fffffbfff1659bcb R11: ffffffff8b2cde5f R12: ffffc900004cfb20
[  205.004729][   T18] R13: ffffffff886a45c0 R14: 0000000000000002 R15: 000000000000001d
[  205.004729][   T18]  ? vprintk_func+0x86/0x189
[  205.004729][   T18]  apparmor_socket_sendmsg+0x2a/0x30
[  205.004729][   T18]  security_socket_sendmsg+0x77/0xc0
[  205.004729][   T18]  sock_sendmsg+0x45/0x130
[  205.004729][   T18]  kernel_sendmsg+0x44/0x50
[  205.004729][   T18]  rxrpc_send_keepalive+0x1ff/0x940
[  205.004729][   T18]  ? rxrpc_reject_packets+0xab0/0xab0
[  205.004729][   T18]  ? _raw_spin_unlock_bh+0x2c/0x30
[  205.004729][   T18]  ? __local_bh_enable_ip+0x15a/0x270
[  205.004729][   T18]  ? lockdep_hardirqs_on+0x421/0x5e0
[  205.004729][   T18]  ? rxrpc_peer_keepalive_worker+0x62e/0xd02
[  205.004729][   T18]  ? __local_bh_enable_ip+0x15a/0x270
[  205.004729][   T18]  rxrpc_peer_keepalive_worker+0x7be/0xd02
[  205.004729][   T18]  ? rxrpc_peer_add_rtt+0x650/0x650
[  205.004729][   T18]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  205.004729][   T18]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  205.004729][   T18]  ? trace_hardirqs_on+0x67/0x240
[  205.004729][   T18]  process_one_work+0x9af/0x1740
[  205.004729][   T18]  ? pwq_dec_nr_in_flight+0x320/0x320
[  205.004729][   T18]  ? lock_acquire+0x190/0x410
[  205.004729][   T18]  worker_thread+0x98/0xe40
[  205.004729][   T18]  kthread+0x361/0x430
[  205.004729][   T18]  ? process_one_work+0x1740/0x1740
[  205.004729][   T18]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  205.004729][   T18]  ret_from_fork+0x24/0x30
[  205.004729][   T18] Kernel Offset: disabled
[  205.004729][   T18] Rebooting in 86400 seconds..