6 [ 386.009139][T12099] [ 386.011451][T12099] Uninit was stored to memory at: [ 386.016449][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.022143][T12099] __msan_chain_origin+0x50/0x90 [ 386.027054][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.032159][T12099] get_compat_msghdr+0x108/0x270 [ 386.037070][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.041547][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.046195][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.052237][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.058363][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.063620][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.068545][T12099] entry_INT80_compat+0x71/0x76 [ 386.073371][T12099] [ 386.075668][T12099] Uninit was stored to memory at: [ 386.080665][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.086355][T12099] __msan_chain_origin+0x50/0x90 [ 386.091283][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.096390][T12099] get_compat_msghdr+0x108/0x270 [ 386.101313][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.105801][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.110463][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.116506][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.122643][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.127919][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.132849][T12099] entry_INT80_compat+0x71/0x76 [ 386.137675][T12099] [ 386.139988][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 386.146638][T12099] do_recvmmsg+0xc5/0x1ee0 [ 386.151028][T12099] do_recvmmsg+0xc5/0x1ee0 [ 386.252289][T12099] not chained 710000 origins [ 386.256916][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 386.265581][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.275636][T12099] Call Trace: [ 386.278936][T12099] dump_stack+0x1df/0x240 [ 386.283277][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 386.289024][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 386.294142][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 386.299688][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 386.305763][T12099] ? _copy_from_user+0x15b/0x260 [ 386.310705][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 386.315825][T12099] __msan_chain_origin+0x50/0x90 [ 386.320766][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.325897][T12099] get_compat_msghdr+0x108/0x270 [ 386.330847][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.335370][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 386.341183][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 386.346726][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 386.351860][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 386.357493][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 386.362805][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 386.367566][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 386.372333][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.377015][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 386.382735][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.388807][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 386.395046][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.401205][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.406498][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.411434][T12099] entry_INT80_compat+0x71/0x76 [ 386.416279][T12099] RIP: 0023:0xf7f87549 [ 386.420333][T12099] Code: Bad RIP value. [ 386.424390][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 386.432798][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 386.440769][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 386.448736][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 386.456694][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 386.464641][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 386.472596][T12099] Uninit was stored to memory at: [ 386.477608][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.483313][T12099] __msan_chain_origin+0x50/0x90 [ 386.488239][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.493336][T12099] get_compat_msghdr+0x108/0x270 [ 386.498257][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.502742][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.507391][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.513436][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.519565][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.524828][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.529753][T12099] entry_INT80_compat+0x71/0x76 [ 386.534580][T12099] [ 386.536878][T12099] Uninit was stored to memory at: [ 386.541878][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.547577][T12099] __msan_chain_origin+0x50/0x90 [ 386.552502][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.557596][T12099] get_compat_msghdr+0x108/0x270 [ 386.562516][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.567014][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.571676][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.577735][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.583883][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.589155][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.594074][T12099] entry_INT80_compat+0x71/0x76 [ 386.598889][T12099] [ 386.601186][T12099] Uninit was stored to memory at: [ 386.606184][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.611877][T12099] __msan_chain_origin+0x50/0x90 [ 386.616786][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.621871][T12099] get_compat_msghdr+0x108/0x270 [ 386.626783][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.631262][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.635911][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.641950][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.648085][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.653365][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.658274][T12099] entry_INT80_compat+0x71/0x76 [ 386.663108][T12099] [ 386.665409][T12099] Uninit was stored to memory at: [ 386.670407][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.676097][T12099] __msan_chain_origin+0x50/0x90 [ 386.681021][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.686131][T12099] get_compat_msghdr+0x108/0x270 [ 386.691055][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.695534][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.700188][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.706228][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.712361][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.717634][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.722556][T12099] entry_INT80_compat+0x71/0x76 [ 386.727421][T12099] [ 386.729732][T12099] Uninit was stored to memory at: [ 386.734746][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.740442][T12099] __msan_chain_origin+0x50/0x90 [ 386.745357][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.750456][T12099] get_compat_msghdr+0x108/0x270 [ 386.755380][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.759861][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.764510][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.770552][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.776686][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.781947][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.786859][T12099] entry_INT80_compat+0x71/0x76 [ 386.791688][T12099] [ 386.794002][T12099] Uninit was stored to memory at: [ 386.799044][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.804735][T12099] __msan_chain_origin+0x50/0x90 [ 386.809656][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.814757][T12099] get_compat_msghdr+0x108/0x270 [ 386.819674][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.824166][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.828835][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.834886][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.841022][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.846326][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.851237][T12099] entry_INT80_compat+0x71/0x76 [ 386.856054][T12099] [ 386.858362][T12099] Uninit was stored to memory at: [ 386.863372][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 386.869075][T12099] __msan_chain_origin+0x50/0x90 [ 386.874007][T12099] __get_compat_msghdr+0x5be/0x890 [ 386.879146][T12099] get_compat_msghdr+0x108/0x270 [ 386.884059][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 386.888548][T12099] __sys_recvmmsg+0x4ca/0x510 [ 386.893211][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 386.899368][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 386.905508][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 386.910771][T12099] do_int80_syscall_32+0x1d/0x30 [ 386.915727][T12099] entry_INT80_compat+0x71/0x76 [ 386.920550][T12099] [ 386.922855][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 386.929514][T12099] do_recvmmsg+0xc5/0x1ee0 [ 386.933915][T12099] do_recvmmsg+0xc5/0x1ee0 [ 387.044602][T12099] not chained 720000 origins [ 387.049222][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 387.057884][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.067933][T12099] Call Trace: [ 387.071239][T12099] dump_stack+0x1df/0x240 [ 387.075577][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 387.081322][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.086434][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 387.091983][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 387.098054][T12099] ? _copy_from_user+0x15b/0x260 [ 387.102991][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.108101][T12099] __msan_chain_origin+0x50/0x90 [ 387.113049][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.118177][T12099] get_compat_msghdr+0x108/0x270 [ 387.123131][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.127656][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 387.133467][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 387.139018][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.144134][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 387.149769][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 387.155061][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 387.159830][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 387.164598][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.169287][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 387.175012][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.181088][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 387.187330][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.193488][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.198779][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.203718][T12099] entry_INT80_compat+0x71/0x76 [ 387.208565][T12099] RIP: 0023:0xf7f87549 [ 387.212618][T12099] Code: Bad RIP value. [ 387.216674][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 387.225085][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 387.233052][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 387.241010][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 387.248961][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 387.256904][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 387.264855][T12099] Uninit was stored to memory at: [ 387.269857][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.275546][T12099] __msan_chain_origin+0x50/0x90 [ 387.280461][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.285544][T12099] get_compat_msghdr+0x108/0x270 [ 387.290455][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.294928][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.299591][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.305643][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.311772][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.317028][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.321939][T12099] entry_INT80_compat+0x71/0x76 [ 387.326754][T12099] [ 387.329051][T12099] Uninit was stored to memory at: [ 387.334048][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.339748][T12099] __msan_chain_origin+0x50/0x90 [ 387.344671][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.349756][T12099] get_compat_msghdr+0x108/0x270 [ 387.354664][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.359160][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.363820][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.369870][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.376009][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.381270][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.386178][T12099] entry_INT80_compat+0x71/0x76 [ 387.390995][T12099] [ 387.393294][T12099] Uninit was stored to memory at: [ 387.398301][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.404005][T12099] __msan_chain_origin+0x50/0x90 [ 387.408928][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.414022][T12099] get_compat_msghdr+0x108/0x270 [ 387.418942][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.423427][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.428078][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.434115][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.440256][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.445518][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.450438][T12099] entry_INT80_compat+0x71/0x76 [ 387.455271][T12099] [ 387.457589][T12099] Uninit was stored to memory at: [ 387.462602][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.468296][T12099] __msan_chain_origin+0x50/0x90 [ 387.473210][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.478303][T12099] get_compat_msghdr+0x108/0x270 [ 387.483224][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.487701][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.492347][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.498391][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.504531][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.509794][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.514707][T12099] entry_INT80_compat+0x71/0x76 [ 387.519531][T12099] [ 387.521847][T12099] Uninit was stored to memory at: [ 387.526855][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.532545][T12099] __msan_chain_origin+0x50/0x90 [ 387.537468][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.542563][T12099] get_compat_msghdr+0x108/0x270 [ 387.547475][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.551951][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.556599][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.562640][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.568768][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.574025][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.579033][T12099] entry_INT80_compat+0x71/0x76 [ 387.583861][T12099] [ 387.586161][T12099] Uninit was stored to memory at: [ 387.591161][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.596850][T12099] __msan_chain_origin+0x50/0x90 [ 387.601762][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.606846][T12099] get_compat_msghdr+0x108/0x270 [ 387.611758][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.616285][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.620944][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.626987][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.633124][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.638434][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.643361][T12099] entry_INT80_compat+0x71/0x76 [ 387.648180][T12099] [ 387.650480][T12099] Uninit was stored to memory at: [ 387.655478][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 387.661171][T12099] __msan_chain_origin+0x50/0x90 [ 387.666253][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.671338][T12099] get_compat_msghdr+0x108/0x270 [ 387.676263][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.680875][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.685537][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.691580][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.697720][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.702994][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.707906][T12099] entry_INT80_compat+0x71/0x76 [ 387.712723][T12099] [ 387.715025][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 387.721676][T12099] do_recvmmsg+0xc5/0x1ee0 [ 387.726064][T12099] do_recvmmsg+0xc5/0x1ee0 [ 387.829570][T12099] not chained 730000 origins [ 387.834197][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 387.842861][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.852916][T12099] Call Trace: [ 387.856213][T12099] dump_stack+0x1df/0x240 [ 387.860557][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 387.866299][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.871416][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 387.876962][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 387.883035][T12099] ? _copy_from_user+0x15b/0x260 [ 387.887974][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.893101][T12099] __msan_chain_origin+0x50/0x90 [ 387.898059][T12099] __get_compat_msghdr+0x5be/0x890 [ 387.903190][T12099] get_compat_msghdr+0x108/0x270 [ 387.908146][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 387.912664][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 387.918477][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 387.924019][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 387.929131][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 387.934773][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 387.940062][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 387.944826][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 387.949600][T12099] __sys_recvmmsg+0x4ca/0x510 [ 387.954286][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 387.960011][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 387.966080][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 387.972327][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 387.978486][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 387.983779][T12099] do_int80_syscall_32+0x1d/0x30 [ 387.988716][T12099] entry_INT80_compat+0x71/0x76 [ 387.993562][T12099] RIP: 0023:0xf7f87549 [ 387.997616][T12099] Code: Bad RIP value. [ 388.001674][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 388.010078][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 388.018045][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 388.025990][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 388.033934][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 388.041880][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 388.049834][T12099] Uninit was stored to memory at: [ 388.054836][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.060528][T12099] __msan_chain_origin+0x50/0x90 [ 388.065441][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.070537][T12099] get_compat_msghdr+0x108/0x270 [ 388.075459][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.079949][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.084611][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.090659][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.096792][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.102066][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.106976][T12099] entry_INT80_compat+0x71/0x76 [ 388.111794][T12099] [ 388.114101][T12099] Uninit was stored to memory at: [ 388.119103][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.124814][T12099] __msan_chain_origin+0x50/0x90 [ 388.129730][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.134819][T12099] get_compat_msghdr+0x108/0x270 [ 388.139732][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.144246][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.148909][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.154960][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.161089][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.166348][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.171269][T12099] entry_INT80_compat+0x71/0x76 [ 388.176098][T12099] [ 388.178405][T12099] Uninit was stored to memory at: [ 388.183415][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.189120][T12099] __msan_chain_origin+0x50/0x90 [ 388.194046][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.199248][T12099] get_compat_msghdr+0x108/0x270 [ 388.204159][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.208645][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.213305][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.219354][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.225493][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.230756][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.235664][T12099] entry_INT80_compat+0x71/0x76 [ 388.240479][T12099] [ 388.242781][T12099] Uninit was stored to memory at: [ 388.247913][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.253618][T12099] __msan_chain_origin+0x50/0x90 [ 388.258535][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.263618][T12099] get_compat_msghdr+0x108/0x270 [ 388.268538][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.273024][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.277682][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.283731][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.289871][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.295206][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.300117][T12099] entry_INT80_compat+0x71/0x76 [ 388.304948][T12099] [ 388.307251][T12099] Uninit was stored to memory at: [ 388.312262][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.317954][T12099] __msan_chain_origin+0x50/0x90 [ 388.322865][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.327959][T12099] get_compat_msghdr+0x108/0x270 [ 388.332881][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.337368][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.342027][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.348083][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.354219][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.359479][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.364387][T12099] entry_INT80_compat+0x71/0x76 [ 388.369208][T12099] [ 388.371519][T12099] Uninit was stored to memory at: [ 388.376523][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.382213][T12099] __msan_chain_origin+0x50/0x90 [ 388.387273][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.392370][T12099] get_compat_msghdr+0x108/0x270 [ 388.397424][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.401911][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.406559][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.412609][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.418750][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.424023][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.428941][T12099] entry_INT80_compat+0x71/0x76 [ 388.433768][T12099] [ 388.436066][T12099] Uninit was stored to memory at: [ 388.441067][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.446758][T12099] __msan_chain_origin+0x50/0x90 [ 388.451674][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.456757][T12099] get_compat_msghdr+0x108/0x270 [ 388.461670][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.466148][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.470799][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.476838][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.482966][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.488243][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.493178][T12099] entry_INT80_compat+0x71/0x76 [ 388.498012][T12099] [ 388.500323][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 388.506972][T12099] do_recvmmsg+0xc5/0x1ee0 [ 388.511369][T12099] do_recvmmsg+0xc5/0x1ee0 [ 388.612959][T12099] not chained 740000 origins [ 388.617592][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 388.626255][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 388.636412][T12099] Call Trace: [ 388.639706][T12099] dump_stack+0x1df/0x240 [ 388.644043][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 388.649788][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 388.654899][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 388.660447][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 388.666517][T12099] ? _copy_from_user+0x15b/0x260 [ 388.671457][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 388.676572][T12099] __msan_chain_origin+0x50/0x90 [ 388.681521][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.686654][T12099] get_compat_msghdr+0x108/0x270 [ 388.691612][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.696137][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 388.701950][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 388.707512][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 388.712651][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 388.718287][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 388.723572][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 388.728335][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 388.733102][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.737785][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 388.743509][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.749585][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 388.755822][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.761972][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.767261][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.772197][T12099] entry_INT80_compat+0x71/0x76 [ 388.777041][T12099] RIP: 0023:0xf7f87549 [ 388.781098][T12099] Code: Bad RIP value. [ 388.785155][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 388.793561][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 388.801529][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 388.809499][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 388.817464][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 388.825415][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 388.833372][T12099] Uninit was stored to memory at: [ 388.838390][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.844114][T12099] __msan_chain_origin+0x50/0x90 [ 388.849048][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.854146][T12099] get_compat_msghdr+0x108/0x270 [ 388.859070][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.863562][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.868224][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.874274][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.880401][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.885662][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.890576][T12099] entry_INT80_compat+0x71/0x76 [ 388.895394][T12099] [ 388.897694][T12099] Uninit was stored to memory at: [ 388.902695][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.908398][T12099] __msan_chain_origin+0x50/0x90 [ 388.913324][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.918530][T12099] get_compat_msghdr+0x108/0x270 [ 388.923453][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.927942][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.932604][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 388.938644][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 388.944773][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 388.950049][T12099] do_int80_syscall_32+0x1d/0x30 [ 388.954970][T12099] entry_INT80_compat+0x71/0x76 [ 388.959786][T12099] [ 388.962084][T12099] Uninit was stored to memory at: [ 388.967180][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 388.972882][T12099] __msan_chain_origin+0x50/0x90 [ 388.977797][T12099] __get_compat_msghdr+0x5be/0x890 [ 388.982881][T12099] get_compat_msghdr+0x108/0x270 [ 388.987804][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 388.992301][T12099] __sys_recvmmsg+0x4ca/0x510 [ 388.996960][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.002999][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.009136][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.014408][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.019317][T12099] entry_INT80_compat+0x71/0x76 [ 389.024136][T12099] [ 389.026434][T12099] Uninit was stored to memory at: [ 389.031434][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.037127][T12099] __msan_chain_origin+0x50/0x90 [ 389.042040][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.047135][T12099] get_compat_msghdr+0x108/0x270 [ 389.052059][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.056535][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.061188][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.067236][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.073377][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.078650][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.083572][T12099] entry_INT80_compat+0x71/0x76 [ 389.088395][T12099] [ 389.090707][T12099] Uninit was stored to memory at: [ 389.095706][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.101400][T12099] __msan_chain_origin+0x50/0x90 [ 389.106311][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.111503][T12099] get_compat_msghdr+0x108/0x270 [ 389.116414][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.120894][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.125544][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.131586][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.137722][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.142982][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.147901][T12099] entry_INT80_compat+0x71/0x76 [ 389.152729][T12099] [ 389.155028][T12099] Uninit was stored to memory at: [ 389.160026][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.165721][T12099] __msan_chain_origin+0x50/0x90 [ 389.170647][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.175747][T12099] get_compat_msghdr+0x108/0x270 [ 389.180696][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.185170][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.189830][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.195879][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.202005][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.207278][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.212197][T12099] entry_INT80_compat+0x71/0x76 [ 389.217019][T12099] [ 389.219329][T12099] Uninit was stored to memory at: [ 389.224327][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.230036][T12099] __msan_chain_origin+0x50/0x90 [ 389.234948][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.240032][T12099] get_compat_msghdr+0x108/0x270 [ 389.244942][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.249429][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.254090][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.260129][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.266257][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.271518][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.276426][T12099] entry_INT80_compat+0x71/0x76 [ 389.281246][T12099] [ 389.283550][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 389.290198][T12099] do_recvmmsg+0xc5/0x1ee0 [ 389.294588][T12099] do_recvmmsg+0xc5/0x1ee0 [ 389.395288][T12099] not chained 750000 origins [ 389.399909][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 389.408573][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 389.418728][T12099] Call Trace: [ 389.422020][T12099] dump_stack+0x1df/0x240 [ 389.426359][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 389.432103][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 389.437218][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 389.442767][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 389.448842][T12099] ? _copy_from_user+0x15b/0x260 [ 389.453780][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 389.458891][T12099] __msan_chain_origin+0x50/0x90 [ 389.463834][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.468962][T12099] get_compat_msghdr+0x108/0x270 [ 389.473907][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.478428][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 389.484240][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 389.489790][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 389.494899][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 389.500562][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 389.505853][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 389.510619][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 389.515385][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.520106][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 389.525832][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.531909][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 389.538263][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.544417][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.549712][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.554650][T12099] entry_INT80_compat+0x71/0x76 [ 389.559493][T12099] RIP: 0023:0xf7f87549 [ 389.563660][T12099] Code: Bad RIP value. [ 389.567717][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 389.576126][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 389.584089][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 389.592051][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 389.600019][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 389.608059][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 389.616022][T12099] Uninit was stored to memory at: [ 389.621025][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.626728][T12099] __msan_chain_origin+0x50/0x90 [ 389.631655][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.636877][T12099] get_compat_msghdr+0x108/0x270 [ 389.641803][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.646280][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.650943][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.657004][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.663147][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.668421][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.673342][T12099] entry_INT80_compat+0x71/0x76 [ 389.678209][T12099] [ 389.680519][T12099] Uninit was stored to memory at: [ 389.685520][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.691276][T12099] __msan_chain_origin+0x50/0x90 [ 389.696192][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.701280][T12099] get_compat_msghdr+0x108/0x270 [ 389.706190][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.710668][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.715317][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.721369][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.727507][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.732778][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.737697][T12099] entry_INT80_compat+0x71/0x76 [ 389.742535][T12099] [ 389.744835][T12099] Uninit was stored to memory at: [ 389.749837][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.755570][T12099] __msan_chain_origin+0x50/0x90 [ 389.760604][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.765690][T12099] get_compat_msghdr+0x108/0x270 [ 389.770604][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.775079][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.779735][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.785772][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.791900][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.797172][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.802094][T12099] entry_INT80_compat+0x71/0x76 [ 389.806928][T12099] [ 389.809244][T12099] Uninit was stored to memory at: [ 389.814247][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.819946][T12099] __msan_chain_origin+0x50/0x90 [ 389.824862][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.829961][T12099] get_compat_msghdr+0x108/0x270 [ 389.834888][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.839375][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.844033][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.850105][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.856256][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.861521][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.866432][T12099] entry_INT80_compat+0x71/0x76 [ 389.871255][T12099] [ 389.873568][T12099] Uninit was stored to memory at: [ 389.878573][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.884268][T12099] __msan_chain_origin+0x50/0x90 [ 389.889185][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.894270][T12099] get_compat_msghdr+0x108/0x270 [ 389.899183][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.903661][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.908438][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.914488][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.920616][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.925874][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.930787][T12099] entry_INT80_compat+0x71/0x76 [ 389.935622][T12099] [ 389.937927][T12099] Uninit was stored to memory at: [ 389.942937][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 389.948641][T12099] __msan_chain_origin+0x50/0x90 [ 389.953564][T12099] __get_compat_msghdr+0x5be/0x890 [ 389.958659][T12099] get_compat_msghdr+0x108/0x270 [ 389.963582][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 389.968081][T12099] __sys_recvmmsg+0x4ca/0x510 [ 389.972749][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 389.978798][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 389.984939][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 389.990202][T12099] do_int80_syscall_32+0x1d/0x30 [ 389.995154][T12099] entry_INT80_compat+0x71/0x76 [ 389.999985][T12099] [ 390.002284][T12099] Uninit was stored to memory at: [ 390.007299][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.013002][T12099] __msan_chain_origin+0x50/0x90 [ 390.017915][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.022998][T12099] get_compat_msghdr+0x108/0x270 [ 390.027920][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.032410][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.037074][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.043126][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.049266][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.054535][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.059455][T12099] entry_INT80_compat+0x71/0x76 [ 390.064272][T12099] [ 390.066571][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 390.073218][T12099] do_recvmmsg+0xc5/0x1ee0 [ 390.077608][T12099] do_recvmmsg+0xc5/0x1ee0 [ 390.179776][T12099] not chained 760000 origins [ 390.184392][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 390.193050][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.203117][T12099] Call Trace: [ 390.206409][T12099] dump_stack+0x1df/0x240 [ 390.210743][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 390.216486][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 390.221596][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 390.227142][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 390.233216][T12099] ? _copy_from_user+0x15b/0x260 [ 390.238156][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 390.243265][T12099] __msan_chain_origin+0x50/0x90 [ 390.248214][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.253340][T12099] get_compat_msghdr+0x108/0x270 [ 390.258295][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.262815][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 390.268625][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 390.274171][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 390.279281][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 390.284917][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 390.290208][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 390.294997][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 390.299773][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.304459][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 390.310189][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.316269][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 390.322522][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.328691][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.333987][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.338924][T12099] entry_INT80_compat+0x71/0x76 [ 390.343773][T12099] RIP: 0023:0xf7f87549 [ 390.347831][T12099] Code: Bad RIP value. [ 390.351894][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 390.360301][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 390.368279][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 390.376226][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 390.384278][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 390.392224][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 390.400185][T12099] Uninit was stored to memory at: [ 390.405200][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.410902][T12099] __msan_chain_origin+0x50/0x90 [ 390.415818][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.420921][T12099] get_compat_msghdr+0x108/0x270 [ 390.425848][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.430348][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.435000][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.441041][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.447170][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.452431][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.457357][T12099] entry_INT80_compat+0x71/0x76 [ 390.462184][T12099] [ 390.464481][T12099] Uninit was stored to memory at: [ 390.469480][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.475172][T12099] __msan_chain_origin+0x50/0x90 [ 390.480135][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.485219][T12099] get_compat_msghdr+0x108/0x270 [ 390.490151][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.494641][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.499308][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.505357][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.511486][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.516755][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.521676][T12099] entry_INT80_compat+0x71/0x76 [ 390.526496][T12099] [ 390.528804][T12099] Uninit was stored to memory at: [ 390.533814][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.539519][T12099] __msan_chain_origin+0x50/0x90 [ 390.544441][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.549526][T12099] get_compat_msghdr+0x108/0x270 [ 390.554436][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.558926][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.563585][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.569795][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.575938][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.581249][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.586159][T12099] entry_INT80_compat+0x71/0x76 [ 390.590976][T12099] [ 390.593274][T12099] Uninit was stored to memory at: [ 390.598282][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.603987][T12099] __msan_chain_origin+0x50/0x90 [ 390.608912][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.613995][T12099] get_compat_msghdr+0x108/0x270 [ 390.618918][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.623405][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.628073][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.634158][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.640299][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.645572][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.650481][T12099] entry_INT80_compat+0x71/0x76 [ 390.655297][T12099] [ 390.657602][T12099] Uninit was stored to memory at: [ 390.662613][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.668305][T12099] __msan_chain_origin+0x50/0x90 [ 390.673227][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.678331][T12099] get_compat_msghdr+0x108/0x270 [ 390.683257][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.687743][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.692397][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.698450][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.704590][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.709852][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.714761][T12099] entry_INT80_compat+0x71/0x76 [ 390.719584][T12099] [ 390.721894][T12099] Uninit was stored to memory at: [ 390.726903][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.732612][T12099] __msan_chain_origin+0x50/0x90 [ 390.737537][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.742634][T12099] get_compat_msghdr+0x108/0x270 [ 390.747557][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.752047][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.756703][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.762753][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.768881][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.774138][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.779056][T12099] entry_INT80_compat+0x71/0x76 [ 390.783884][T12099] [ 390.786187][T12099] Uninit was stored to memory at: [ 390.791191][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 390.796892][T12099] __msan_chain_origin+0x50/0x90 [ 390.801839][T12099] __get_compat_msghdr+0x5be/0x890 [ 390.806925][T12099] get_compat_msghdr+0x108/0x270 [ 390.811840][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 390.816314][T12099] __sys_recvmmsg+0x4ca/0x510 [ 390.820975][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 390.827040][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 390.833166][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 390.838434][T12099] do_int80_syscall_32+0x1d/0x30 [ 390.843365][T12099] entry_INT80_compat+0x71/0x76 [ 390.848188][T12099] [ 390.850493][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 390.857162][T12099] do_recvmmsg+0xc5/0x1ee0 [ 390.861672][T12099] do_recvmmsg+0xc5/0x1ee0 [ 390.963330][T12099] not chained 770000 origins [ 390.967956][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 390.976618][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 390.986668][T12099] Call Trace: [ 390.989968][T12099] dump_stack+0x1df/0x240 [ 390.994302][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 391.000047][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.005155][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 391.010702][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 391.016773][T12099] ? _copy_from_user+0x15b/0x260 [ 391.021712][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.026825][T12099] __msan_chain_origin+0x50/0x90 [ 391.031770][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.036899][T12099] get_compat_msghdr+0x108/0x270 [ 391.041942][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.046462][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 391.052275][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 391.057820][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.062932][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 391.068569][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 391.073858][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 391.078619][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 391.083390][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.088079][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 391.093823][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.099898][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 391.106138][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.112298][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.117593][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.122529][T12099] entry_INT80_compat+0x71/0x76 [ 391.127375][T12099] RIP: 0023:0xf7f87549 [ 391.131431][T12099] Code: Bad RIP value. [ 391.135491][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 391.143890][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 391.151837][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 391.159786][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 391.167736][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 391.175693][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 391.183643][T12099] Uninit was stored to memory at: [ 391.188655][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.194363][T12099] __msan_chain_origin+0x50/0x90 [ 391.199286][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.205068][T12099] get_compat_msghdr+0x108/0x270 [ 391.209984][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.214460][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.219113][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.225150][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.231283][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.236553][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.241474][T12099] entry_INT80_compat+0x71/0x76 [ 391.246292][T12099] [ 391.248596][T12099] Uninit was stored to memory at: [ 391.253611][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.259304][T12099] __msan_chain_origin+0x50/0x90 [ 391.264217][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.269357][T12099] get_compat_msghdr+0x108/0x270 [ 391.274269][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.278747][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.283397][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.289436][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.295562][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.300823][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.305733][T12099] entry_INT80_compat+0x71/0x76 [ 391.310552][T12099] [ 391.312855][T12099] Uninit was stored to memory at: [ 391.317854][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.323587][T12099] __msan_chain_origin+0x50/0x90 [ 391.328513][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.333611][T12099] get_compat_msghdr+0x108/0x270 [ 391.338560][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.343034][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.347695][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.353746][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.359915][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.365172][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.370091][T12099] entry_INT80_compat+0x71/0x76 [ 391.374924][T12099] [ 391.377224][T12099] Uninit was stored to memory at: [ 391.382222][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.387921][T12099] __msan_chain_origin+0x50/0x90 [ 391.392845][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.397930][T12099] get_compat_msghdr+0x108/0x270 [ 391.402840][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.407325][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.411988][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.418026][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.424150][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.429409][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.434318][T12099] entry_INT80_compat+0x71/0x76 [ 391.439136][T12099] [ 391.441434][T12099] Uninit was stored to memory at: [ 391.446432][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.452126][T12099] __msan_chain_origin+0x50/0x90 [ 391.457058][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.462141][T12099] get_compat_msghdr+0x108/0x270 [ 391.467060][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.471544][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.476193][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.485013][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.491146][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.496407][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.501318][T12099] entry_INT80_compat+0x71/0x76 [ 391.506136][T12099] [ 391.508443][T12099] Uninit was stored to memory at: [ 391.513454][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.519150][T12099] __msan_chain_origin+0x50/0x90 [ 391.524065][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.529161][T12099] get_compat_msghdr+0x108/0x270 [ 391.534093][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.538586][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.543342][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.549384][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.555510][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.560767][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.565676][T12099] entry_INT80_compat+0x71/0x76 [ 391.570493][T12099] [ 391.572793][T12099] Uninit was stored to memory at: [ 391.577794][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.583485][T12099] __msan_chain_origin+0x50/0x90 [ 391.588406][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.593506][T12099] get_compat_msghdr+0x108/0x270 [ 391.598422][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.602898][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.607557][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.613622][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.619767][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.625026][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.629937][T12099] entry_INT80_compat+0x71/0x76 [ 391.634768][T12099] [ 391.637079][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 391.643744][T12099] do_recvmmsg+0xc5/0x1ee0 [ 391.648134][T12099] do_recvmmsg+0xc5/0x1ee0 [ 391.751111][T12099] not chained 780000 origins [ 391.755754][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 391.764419][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 391.774469][T12099] Call Trace: [ 391.777762][T12099] dump_stack+0x1df/0x240 [ 391.782097][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 391.787842][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.792950][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 391.798499][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 391.804569][T12099] ? _copy_from_user+0x15b/0x260 [ 391.809510][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.814625][T12099] __msan_chain_origin+0x50/0x90 [ 391.819573][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.824700][T12099] get_compat_msghdr+0x108/0x270 [ 391.829658][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 391.834180][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 391.839996][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 391.845539][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 391.850659][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 391.856300][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 391.861597][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 391.866366][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 391.871141][T12099] __sys_recvmmsg+0x4ca/0x510 [ 391.875825][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 391.881548][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 391.887635][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 391.893875][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 391.900131][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 391.905429][T12099] do_int80_syscall_32+0x1d/0x30 [ 391.910363][T12099] entry_INT80_compat+0x71/0x76 [ 391.915209][T12099] RIP: 0023:0xf7f87549 [ 391.919262][T12099] Code: Bad RIP value. [ 391.923323][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 391.931733][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 391.939699][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 391.947660][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 391.955606][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 391.963596][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 391.971553][T12099] Uninit was stored to memory at: [ 391.976565][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 391.982269][T12099] __msan_chain_origin+0x50/0x90 [ 391.987185][T12099] __get_compat_msghdr+0x5be/0x890 [ 391.992269][T12099] get_compat_msghdr+0x108/0x270 [ 391.997190][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.001676][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.006328][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.012367][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.018502][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.023773][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.028685][T12099] entry_INT80_compat+0x71/0x76 [ 392.033501][T12099] [ 392.035800][T12099] Uninit was stored to memory at: [ 392.040798][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.046499][T12099] __msan_chain_origin+0x50/0x90 [ 392.051424][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.056520][T12099] get_compat_msghdr+0x108/0x270 [ 392.061444][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.065919][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.070570][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.082428][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.088565][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.093871][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.098805][T12099] entry_INT80_compat+0x71/0x76 [ 392.103638][T12099] [ 392.105936][T12099] Uninit was stored to memory at: [ 392.110935][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.116645][T12099] __msan_chain_origin+0x50/0x90 [ 392.121571][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.126660][T12099] get_compat_msghdr+0x108/0x270 [ 392.131567][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.136043][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.140703][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.146763][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.152911][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.158196][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.163122][T12099] entry_INT80_compat+0x71/0x76 [ 392.167941][T12099] [ 392.170241][T12099] Uninit was stored to memory at: [ 392.175242][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.180950][T12099] __msan_chain_origin+0x50/0x90 [ 392.185873][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.190956][T12099] get_compat_msghdr+0x108/0x270 [ 392.195866][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.200344][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.204999][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.211037][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.217174][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.222450][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.227363][T12099] entry_INT80_compat+0x71/0x76 [ 392.232181][T12099] [ 392.234478][T12099] Uninit was stored to memory at: [ 392.239478][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.245169][T12099] __msan_chain_origin+0x50/0x90 [ 392.250095][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.255255][T12099] get_compat_msghdr+0x108/0x270 [ 392.260206][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.264680][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.269330][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.275368][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.281517][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.286787][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.291708][T12099] entry_INT80_compat+0x71/0x76 [ 392.296532][T12099] [ 392.298848][T12099] Uninit was stored to memory at: [ 392.303857][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.309548][T12099] __msan_chain_origin+0x50/0x90 [ 392.314458][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.319545][T12099] get_compat_msghdr+0x108/0x270 [ 392.324502][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.328980][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.333637][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.339677][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.345802][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.351098][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.356011][T12099] entry_INT80_compat+0x71/0x76 [ 392.360846][T12099] [ 392.363160][T12099] Uninit was stored to memory at: [ 392.368160][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.373852][T12099] __msan_chain_origin+0x50/0x90 [ 392.378776][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.383872][T12099] get_compat_msghdr+0x108/0x270 [ 392.388783][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.393263][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.397921][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.403974][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.410101][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.415362][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.420271][T12099] entry_INT80_compat+0x71/0x76 [ 392.425086][T12099] [ 392.427394][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 392.434040][T12099] do_recvmmsg+0xc5/0x1ee0 [ 392.438440][T12099] do_recvmmsg+0xc5/0x1ee0 [ 392.545296][T12099] not chained 790000 origins [ 392.549916][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 392.558605][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 392.568657][T12099] Call Trace: [ 392.571958][T12099] dump_stack+0x1df/0x240 [ 392.576322][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 392.582072][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 392.587191][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 392.592737][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 392.598807][T12099] ? _copy_from_user+0x15b/0x260 [ 392.603745][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 392.608856][T12099] __msan_chain_origin+0x50/0x90 [ 392.613797][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.618928][T12099] get_compat_msghdr+0x108/0x270 [ 392.623876][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.628396][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 392.634211][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 392.639755][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 392.644867][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 392.650505][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 392.655799][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 392.660563][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 392.665338][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.670140][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 392.675863][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.681949][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 392.688198][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.694356][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.699654][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.704591][T12099] entry_INT80_compat+0x71/0x76 [ 392.709437][T12099] RIP: 0023:0xf7f87549 [ 392.713508][T12099] Code: Bad RIP value. [ 392.717568][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 392.725977][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 392.733945][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 392.741922][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 392.749890][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 392.757858][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 392.765822][T12099] Uninit was stored to memory at: [ 392.770827][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.776529][T12099] __msan_chain_origin+0x50/0x90 [ 392.781453][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.786542][T12099] get_compat_msghdr+0x108/0x270 [ 392.791455][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.795929][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.800591][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.806650][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.812788][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.818060][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.823083][T12099] entry_INT80_compat+0x71/0x76 [ 392.827925][T12099] [ 392.830321][T12099] Uninit was stored to memory at: [ 392.835319][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.841012][T12099] __msan_chain_origin+0x50/0x90 [ 392.845923][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.851019][T12099] get_compat_msghdr+0x108/0x270 [ 392.855939][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.860419][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.865070][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.871116][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.877259][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.882548][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.887523][T12099] entry_INT80_compat+0x71/0x76 [ 392.892342][T12099] [ 392.894644][T12099] Uninit was stored to memory at: [ 392.899649][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.905341][T12099] __msan_chain_origin+0x50/0x90 [ 392.910253][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.915335][T12099] get_compat_msghdr+0x108/0x270 [ 392.920259][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.924863][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.929515][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.935553][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 392.941680][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 392.946952][T12099] do_int80_syscall_32+0x1d/0x30 [ 392.951871][T12099] entry_INT80_compat+0x71/0x76 [ 392.956693][T12099] [ 392.959010][T12099] Uninit was stored to memory at: [ 392.964010][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 392.969702][T12099] __msan_chain_origin+0x50/0x90 [ 392.974613][T12099] __get_compat_msghdr+0x5be/0x890 [ 392.979702][T12099] get_compat_msghdr+0x108/0x270 [ 392.984613][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 392.989097][T12099] __sys_recvmmsg+0x4ca/0x510 [ 392.993749][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 392.999787][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.005915][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.011174][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.016083][T12099] entry_INT80_compat+0x71/0x76 [ 393.020905][T12099] [ 393.023203][T12099] Uninit was stored to memory at: [ 393.028202][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.033895][T12099] __msan_chain_origin+0x50/0x90 [ 393.038817][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.043912][T12099] get_compat_msghdr+0x108/0x270 [ 393.048826][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.053303][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.057960][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.064012][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.070138][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.075398][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.080308][T12099] entry_INT80_compat+0x71/0x76 [ 393.085125][T12099] [ 393.087478][T12099] Uninit was stored to memory at: [ 393.092479][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.098181][T12099] __msan_chain_origin+0x50/0x90 [ 393.103118][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.108205][T12099] get_compat_msghdr+0x108/0x270 [ 393.113117][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.117606][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.122267][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.128309][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.134434][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.139698][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.144606][T12099] entry_INT80_compat+0x71/0x76 [ 393.149422][T12099] [ 393.151721][T12099] Uninit was stored to memory at: [ 393.156729][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.162430][T12099] __msan_chain_origin+0x50/0x90 [ 393.167352][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.172447][T12099] get_compat_msghdr+0x108/0x270 [ 393.177369][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.181855][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.186516][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.192569][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.198706][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.203973][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.208883][T12099] entry_INT80_compat+0x71/0x76 [ 393.213698][T12099] [ 393.215995][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 393.222640][T12099] do_recvmmsg+0xc5/0x1ee0 [ 393.227029][T12099] do_recvmmsg+0xc5/0x1ee0 [ 393.328310][T12099] not chained 800000 origins [ 393.332934][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 393.341601][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 393.351649][T12099] Call Trace: [ 393.354943][T12099] dump_stack+0x1df/0x240 [ 393.359283][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 393.365030][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 393.370142][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 393.375685][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 393.381755][T12099] ? _copy_from_user+0x15b/0x260 [ 393.386693][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 393.391815][T12099] __msan_chain_origin+0x50/0x90 [ 393.396784][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.401931][T12099] get_compat_msghdr+0x108/0x270 [ 393.406882][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.411402][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 393.417213][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 393.422755][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 393.427866][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 393.433498][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 393.438783][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 393.443547][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 393.448318][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.452999][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 393.458722][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.464793][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 393.471058][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.477220][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.482509][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.487444][T12099] entry_INT80_compat+0x71/0x76 [ 393.492291][T12099] RIP: 0023:0xf7f87549 [ 393.496346][T12099] Code: Bad RIP value. [ 393.500404][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 393.508804][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 393.516758][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 393.524715][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 393.532660][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 393.540607][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 393.548705][T12099] Uninit was stored to memory at: [ 393.553708][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.559402][T12099] __msan_chain_origin+0x50/0x90 [ 393.564312][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.569427][T12099] get_compat_msghdr+0x108/0x270 [ 393.574337][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.578824][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.583485][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.589524][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.595649][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.600910][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.605820][T12099] entry_INT80_compat+0x71/0x76 [ 393.610642][T12099] [ 393.612963][T12099] Uninit was stored to memory at: [ 393.617988][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.623692][T12099] __msan_chain_origin+0x50/0x90 [ 393.628603][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.633686][T12099] get_compat_msghdr+0x108/0x270 [ 393.638608][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.643112][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.647761][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.653814][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.659947][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.665207][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.670127][T12099] entry_INT80_compat+0x71/0x76 [ 393.674943][T12099] [ 393.677264][T12099] Uninit was stored to memory at: [ 393.682275][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.687977][T12099] __msan_chain_origin+0x50/0x90 [ 393.693021][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.698138][T12099] get_compat_msghdr+0x108/0x270 [ 393.703170][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.707649][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.712299][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.718346][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.724483][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.729754][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.734679][T12099] entry_INT80_compat+0x71/0x76 [ 393.739495][T12099] [ 393.741793][T12099] Uninit was stored to memory at: [ 393.746792][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.752495][T12099] __msan_chain_origin+0x50/0x90 [ 393.757417][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.762512][T12099] get_compat_msghdr+0x108/0x270 [ 393.767421][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.771912][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.776573][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.782623][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.788752][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.794011][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.798929][T12099] entry_INT80_compat+0x71/0x76 [ 393.803761][T12099] [ 393.806066][T12099] Uninit was stored to memory at: [ 393.811082][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.816787][T12099] __msan_chain_origin+0x50/0x90 [ 393.821816][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.826915][T12099] get_compat_msghdr+0x108/0x270 [ 393.831839][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.836328][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.840990][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.847042][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.853178][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.858457][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.863382][T12099] entry_INT80_compat+0x71/0x76 [ 393.868197][T12099] [ 393.870498][T12099] Uninit was stored to memory at: [ 393.875498][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.881193][T12099] __msan_chain_origin+0x50/0x90 [ 393.886122][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.891301][T12099] get_compat_msghdr+0x108/0x270 [ 393.896223][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.900710][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.905358][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.911399][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.917537][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.923763][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.928673][T12099] entry_INT80_compat+0x71/0x76 [ 393.933490][T12099] [ 393.935788][T12099] Uninit was stored to memory at: [ 393.940789][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 393.946483][T12099] __msan_chain_origin+0x50/0x90 [ 393.951406][T12099] __get_compat_msghdr+0x5be/0x890 [ 393.956501][T12099] get_compat_msghdr+0x108/0x270 [ 393.961426][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 393.965902][T12099] __sys_recvmmsg+0x4ca/0x510 [ 393.970554][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 393.976605][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 393.982742][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 393.988001][T12099] do_int80_syscall_32+0x1d/0x30 [ 393.992911][T12099] entry_INT80_compat+0x71/0x76 [ 393.997733][T12099] [ 394.000045][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 394.006696][T12099] do_recvmmsg+0xc5/0x1ee0 [ 394.011082][T12099] do_recvmmsg+0xc5/0x1ee0 [ 394.112234][T12099] not chained 810000 origins [ 394.116856][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 394.125515][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.135563][T12099] Call Trace: [ 394.138857][T12099] dump_stack+0x1df/0x240 [ 394.143194][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 394.148936][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.154049][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 394.159598][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 394.165667][T12099] ? _copy_from_user+0x15b/0x260 [ 394.170603][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.175713][T12099] __msan_chain_origin+0x50/0x90 [ 394.180658][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.185784][T12099] get_compat_msghdr+0x108/0x270 [ 394.190736][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.195253][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 394.201062][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 394.206608][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.211718][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 394.217349][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 394.222634][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 394.227398][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 394.232167][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.236854][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 394.242576][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.248652][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 394.254893][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.261143][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.266440][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.271375][T12099] entry_INT80_compat+0x71/0x76 [ 394.276221][T12099] RIP: 0023:0xf7f87549 [ 394.280276][T12099] Code: Bad RIP value. [ 394.284334][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 394.292741][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 394.300703][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 394.308650][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 394.316608][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 394.324563][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 394.332515][T12099] Uninit was stored to memory at: [ 394.337521][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.343211][T12099] __msan_chain_origin+0x50/0x90 [ 394.348131][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.353214][T12099] get_compat_msghdr+0x108/0x270 [ 394.358139][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.362625][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.367288][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.373338][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.379465][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.384734][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.389651][T12099] entry_INT80_compat+0x71/0x76 [ 394.394468][T12099] [ 394.396772][T12099] Uninit was stored to memory at: [ 394.401784][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.407484][T12099] __msan_chain_origin+0x50/0x90 [ 394.412408][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.417503][T12099] get_compat_msghdr+0x108/0x270 [ 394.422426][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.426922][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.431588][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.437631][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.443762][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.449041][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.453950][T12099] entry_INT80_compat+0x71/0x76 [ 394.458768][T12099] [ 394.461068][T12099] Uninit was stored to memory at: [ 394.466077][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.471789][T12099] __msan_chain_origin+0x50/0x90 [ 394.476712][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.481808][T12099] get_compat_msghdr+0x108/0x270 [ 394.486731][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.491221][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.495887][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.501937][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.508065][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.513322][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.518233][T12099] entry_INT80_compat+0x71/0x76 [ 394.523049][T12099] [ 394.525369][T12099] Uninit was stored to memory at: [ 394.530369][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.536071][T12099] __msan_chain_origin+0x50/0x90 [ 394.541000][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.546097][T12099] get_compat_msghdr+0x108/0x270 [ 394.551027][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.555499][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.560150][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.566200][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.572334][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.577606][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.582530][T12099] entry_INT80_compat+0x71/0x76 [ 394.587354][T12099] [ 394.589665][T12099] Uninit was stored to memory at: [ 394.594697][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.600391][T12099] __msan_chain_origin+0x50/0x90 [ 394.605305][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.610434][T12099] get_compat_msghdr+0x108/0x270 [ 394.615343][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.619821][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.624469][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.630510][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.636649][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.641922][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.646841][T12099] entry_INT80_compat+0x71/0x76 [ 394.651674][T12099] [ 394.653987][T12099] Uninit was stored to memory at: [ 394.658996][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.664685][T12099] __msan_chain_origin+0x50/0x90 [ 394.669597][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.674680][T12099] get_compat_msghdr+0x108/0x270 [ 394.679593][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.684067][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.688732][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.694785][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.700912][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.706187][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.711108][T12099] entry_INT80_compat+0x71/0x76 [ 394.715930][T12099] [ 394.718240][T12099] Uninit was stored to memory at: [ 394.723245][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 394.728954][T12099] __msan_chain_origin+0x50/0x90 [ 394.733892][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.738993][T12099] get_compat_msghdr+0x108/0x270 [ 394.743905][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.748384][T12099] __sys_recvmmsg+0x4ca/0x510 [ 394.753041][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 394.759081][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 394.765209][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 394.770469][T12099] do_int80_syscall_32+0x1d/0x30 [ 394.775429][T12099] entry_INT80_compat+0x71/0x76 [ 394.780249][T12099] [ 394.782558][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 394.789305][T12099] do_recvmmsg+0xc5/0x1ee0 [ 394.793698][T12099] do_recvmmsg+0xc5/0x1ee0 [ 394.896107][T12099] not chained 820000 origins [ 394.900737][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 394.909402][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 394.919465][T12099] Call Trace: [ 394.922759][T12099] dump_stack+0x1df/0x240 [ 394.927097][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 394.932845][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.937960][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 394.943508][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 394.949579][T12099] ? _copy_from_user+0x15b/0x260 [ 394.954517][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.959636][T12099] __msan_chain_origin+0x50/0x90 [ 394.964580][T12099] __get_compat_msghdr+0x5be/0x890 [ 394.969711][T12099] get_compat_msghdr+0x108/0x270 [ 394.974658][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 394.979183][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 394.985000][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 394.990543][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 394.995653][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 395.001288][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 395.006589][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 395.011362][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 395.016132][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.020812][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 395.026534][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.032605][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 395.038845][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.044999][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.050296][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.055241][T12099] entry_INT80_compat+0x71/0x76 [ 395.060087][T12099] RIP: 0023:0xf7f87549 [ 395.064153][T12099] Code: Bad RIP value. [ 395.068222][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 395.076636][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 395.084597][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 395.092674][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.100627][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 395.108573][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.116535][T12099] Uninit was stored to memory at: [ 395.121551][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.127254][T12099] __msan_chain_origin+0x50/0x90 [ 395.132201][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.137303][T12099] get_compat_msghdr+0x108/0x270 [ 395.142289][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.146784][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.151447][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.157503][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.163644][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.168906][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.173829][T12099] entry_INT80_compat+0x71/0x76 [ 395.178651][T12099] [ 395.180953][T12099] Uninit was stored to memory at: [ 395.185968][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.191676][T12099] __msan_chain_origin+0x50/0x90 [ 395.196605][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.201701][T12099] get_compat_msghdr+0x108/0x270 [ 395.206624][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.211118][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.215778][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.221829][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.227957][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.233215][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.238135][T12099] entry_INT80_compat+0x71/0x76 [ 395.242967][T12099] [ 395.245266][T12099] Uninit was stored to memory at: [ 395.250265][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.255964][T12099] __msan_chain_origin+0x50/0x90 [ 395.260890][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.265986][T12099] get_compat_msghdr+0x108/0x270 [ 395.270908][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.275380][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.280076][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.286134][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.292275][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.297547][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.302468][T12099] entry_INT80_compat+0x71/0x76 [ 395.308675][T12099] [ 395.310973][T12099] Uninit was stored to memory at: [ 395.315982][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.321682][T12099] __msan_chain_origin+0x50/0x90 [ 395.326594][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.331676][T12099] get_compat_msghdr+0x108/0x270 [ 395.336595][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.341082][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.345742][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.351794][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.357932][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.363201][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.368128][T12099] entry_INT80_compat+0x71/0x76 [ 395.372955][T12099] [ 395.375266][T12099] Uninit was stored to memory at: [ 395.380266][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.385970][T12099] __msan_chain_origin+0x50/0x90 [ 395.390894][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.395989][T12099] get_compat_msghdr+0x108/0x270 [ 395.400912][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.405394][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.410044][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.416090][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.422241][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.427501][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.432411][T12099] entry_INT80_compat+0x71/0x76 [ 395.437235][T12099] [ 395.439548][T12099] Uninit was stored to memory at: [ 395.444634][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.450324][T12099] __msan_chain_origin+0x50/0x90 [ 395.455235][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.460333][T12099] get_compat_msghdr+0x108/0x270 [ 395.465254][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.469731][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.474380][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.480431][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.486558][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.491821][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.496742][T12099] entry_INT80_compat+0x71/0x76 [ 395.501573][T12099] [ 395.503879][T12099] Uninit was stored to memory at: [ 395.508880][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.514582][T12099] __msan_chain_origin+0x50/0x90 [ 395.519506][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.524595][T12099] get_compat_msghdr+0x108/0x270 [ 395.529517][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.534000][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.538653][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.544691][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.550822][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.556091][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.561013][T12099] entry_INT80_compat+0x71/0x76 [ 395.565837][T12099] [ 395.568154][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 395.574816][T12099] do_recvmmsg+0xc5/0x1ee0 [ 395.579210][T12099] do_recvmmsg+0xc5/0x1ee0 [ 395.680579][T12099] not chained 830000 origins [ 395.685209][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 395.693874][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 395.703927][T12099] Call Trace: [ 395.707225][T12099] dump_stack+0x1df/0x240 [ 395.711564][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 395.717311][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 395.722433][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 395.727989][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 395.734068][T12099] ? _copy_from_user+0x15b/0x260 [ 395.739444][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 395.744559][T12099] __msan_chain_origin+0x50/0x90 [ 395.749510][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.754642][T12099] get_compat_msghdr+0x108/0x270 [ 395.759592][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.764120][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 395.769933][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 395.775476][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 395.780594][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 395.786234][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 395.791525][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 395.796287][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 395.801053][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.805736][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 395.811461][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.817536][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 395.823779][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.829936][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.835237][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.840177][T12099] entry_INT80_compat+0x71/0x76 [ 395.845038][T12099] RIP: 0023:0xf7f87549 [ 395.849095][T12099] Code: Bad RIP value. [ 395.853151][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 395.861555][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 395.869525][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 395.877493][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.885461][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 395.893433][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.901411][T12099] Uninit was stored to memory at: [ 395.906442][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.912160][T12099] __msan_chain_origin+0x50/0x90 [ 395.917102][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.922213][T12099] get_compat_msghdr+0x108/0x270 [ 395.927152][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.931655][T12099] __sys_recvmmsg+0x4ca/0x510 [ 395.936328][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 395.942393][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 395.948546][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 395.953826][T12099] do_int80_syscall_32+0x1d/0x30 [ 395.958757][T12099] entry_INT80_compat+0x71/0x76 [ 395.963590][T12099] [ 395.965911][T12099] Uninit was stored to memory at: [ 395.970934][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 395.976653][T12099] __msan_chain_origin+0x50/0x90 [ 395.981591][T12099] __get_compat_msghdr+0x5be/0x890 [ 395.986714][T12099] get_compat_msghdr+0x108/0x270 [ 395.991650][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 395.996155][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.000832][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.006898][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.013051][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.018333][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.023267][T12099] entry_INT80_compat+0x71/0x76 [ 396.028104][T12099] [ 396.030425][T12099] Uninit was stored to memory at: [ 396.035452][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.041174][T12099] __msan_chain_origin+0x50/0x90 [ 396.046113][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.051347][T12099] get_compat_msghdr+0x108/0x270 [ 396.056284][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.060785][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.065455][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.071520][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.077669][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.082952][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.087887][T12099] entry_INT80_compat+0x71/0x76 [ 396.092726][T12099] [ 396.095043][T12099] Uninit was stored to memory at: [ 396.100069][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.105787][T12099] __msan_chain_origin+0x50/0x90 [ 396.110730][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.115839][T12099] get_compat_msghdr+0x108/0x270 [ 396.120774][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.125273][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.129943][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.136007][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.142160][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.147451][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.152385][T12099] entry_INT80_compat+0x71/0x76 [ 396.157218][T12099] [ 396.159536][T12099] Uninit was stored to memory at: [ 396.164561][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.170373][T12099] __msan_chain_origin+0x50/0x90 [ 396.175313][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.180425][T12099] get_compat_msghdr+0x108/0x270 [ 396.185360][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.189863][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.194534][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.200711][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.206865][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.212152][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.217083][T12099] entry_INT80_compat+0x71/0x76 [ 396.221917][T12099] [ 396.224237][T12099] Uninit was stored to memory at: [ 396.229269][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.234989][T12099] __msan_chain_origin+0x50/0x90 [ 396.239923][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.245037][T12099] get_compat_msghdr+0x108/0x270 [ 396.249980][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.254485][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.259160][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.265228][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.271471][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.276754][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.281688][T12099] entry_INT80_compat+0x71/0x76 [ 396.286524][T12099] [ 396.288842][T12099] Uninit was stored to memory at: [ 396.293863][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.299577][T12099] __msan_chain_origin+0x50/0x90 [ 396.304517][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.309628][T12099] get_compat_msghdr+0x108/0x270 [ 396.314561][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.319066][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.323735][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.329800][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.335979][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.341265][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.346197][T12099] entry_INT80_compat+0x71/0x76 [ 396.351033][T12099] [ 396.353354][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 396.360025][T12099] do_recvmmsg+0xc5/0x1ee0 [ 396.364440][T12099] do_recvmmsg+0xc5/0x1ee0 [ 396.517546][T12099] not chained 840000 origins [ 396.522169][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 396.530815][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.540849][T12099] Call Trace: [ 396.544122][T12099] dump_stack+0x1df/0x240 [ 396.548495][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 396.554210][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 396.559308][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 396.564842][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 396.570887][T12099] ? _copy_from_user+0x15b/0x260 [ 396.575800][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 396.580888][T12099] __msan_chain_origin+0x50/0x90 [ 396.585818][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.590925][T12099] get_compat_msghdr+0x108/0x270 [ 396.595842][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.600327][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 396.606126][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 396.611660][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 396.616750][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 396.622359][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 396.627639][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 396.632390][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 396.637134][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.641793][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 396.647504][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.653562][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 396.659781][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.665924][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.671216][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.676144][T12099] entry_INT80_compat+0x71/0x76 [ 396.680979][T12099] RIP: 0023:0xf7f87549 [ 396.685029][T12099] Code: Bad RIP value. [ 396.689072][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 396.697465][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 396.705422][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 396.713391][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 396.721349][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 396.729308][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 396.737274][T12099] Uninit was stored to memory at: [ 396.742284][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.747992][T12099] __msan_chain_origin+0x50/0x90 [ 396.752919][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.758014][T12099] get_compat_msghdr+0x108/0x270 [ 396.762927][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.767420][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.772084][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.778135][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.784289][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.789575][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.794496][T12099] entry_INT80_compat+0x71/0x76 [ 396.799316][T12099] [ 396.801618][T12099] Uninit was stored to memory at: [ 396.806630][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.812352][T12099] __msan_chain_origin+0x50/0x90 [ 396.817297][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.822401][T12099] get_compat_msghdr+0x108/0x270 [ 396.827365][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.831847][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.836513][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.842569][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.848706][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.853971][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.858885][T12099] entry_INT80_compat+0x71/0x76 [ 396.863742][T12099] [ 396.866045][T12099] Uninit was stored to memory at: [ 396.871047][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.876756][T12099] __msan_chain_origin+0x50/0x90 [ 396.881681][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.886780][T12099] get_compat_msghdr+0x108/0x270 [ 396.891706][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.896197][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.900866][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.906910][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.913083][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.918369][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.923289][T12099] entry_INT80_compat+0x71/0x76 [ 396.928109][T12099] [ 396.930413][T12099] Uninit was stored to memory at: [ 396.935424][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 396.941135][T12099] __msan_chain_origin+0x50/0x90 [ 396.946104][T12099] __get_compat_msghdr+0x5be/0x890 [ 396.951196][T12099] get_compat_msghdr+0x108/0x270 [ 396.956128][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 396.960617][T12099] __sys_recvmmsg+0x4ca/0x510 [ 396.965323][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 396.971365][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 396.977505][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 396.982791][T12099] do_int80_syscall_32+0x1d/0x30 [ 396.987714][T12099] entry_INT80_compat+0x71/0x76 [ 396.992541][T12099] [ 396.994842][T12099] Uninit was stored to memory at: [ 396.999853][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.005566][T12099] __msan_chain_origin+0x50/0x90 [ 397.010493][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.015590][T12099] get_compat_msghdr+0x108/0x270 [ 397.020514][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.024991][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.029656][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.035718][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.041859][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.047126][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.052039][T12099] entry_INT80_compat+0x71/0x76 [ 397.056861][T12099] [ 397.059173][T12099] Uninit was stored to memory at: [ 397.064175][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.069868][T12099] __msan_chain_origin+0x50/0x90 [ 397.074781][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.079870][T12099] get_compat_msghdr+0x108/0x270 [ 397.084787][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.089267][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.093918][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.099964][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.106101][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.111380][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.116307][T12099] entry_INT80_compat+0x71/0x76 [ 397.121185][T12099] [ 397.123489][T12099] Uninit was stored to memory at: [ 397.128499][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.134196][T12099] __msan_chain_origin+0x50/0x90 [ 397.139127][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.144233][T12099] get_compat_msghdr+0x108/0x270 [ 397.149151][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.153752][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.158416][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.164468][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.170596][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.175868][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.180790][T12099] entry_INT80_compat+0x71/0x76 [ 397.185615][T12099] [ 397.187921][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 397.194579][T12099] do_recvmmsg+0xc5/0x1ee0 [ 397.198981][T12099] do_recvmmsg+0xc5/0x1ee0 [ 397.317100][T12099] not chained 850000 origins [ 397.321750][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 397.330415][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.340466][T12099] Call Trace: [ 397.343770][T12099] dump_stack+0x1df/0x240 [ 397.348109][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 397.353859][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 397.358972][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 397.364524][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 397.370599][T12099] ? _copy_from_user+0x15b/0x260 [ 397.375538][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 397.380653][T12099] __msan_chain_origin+0x50/0x90 [ 397.385599][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.390738][T12099] get_compat_msghdr+0x108/0x270 [ 397.395696][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.400214][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 397.406029][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 397.411576][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 397.416692][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 397.422332][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 397.427702][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 397.432487][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 397.437261][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.441951][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 397.447680][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.453755][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 397.459998][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.466160][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.471461][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.476406][T12099] entry_INT80_compat+0x71/0x76 [ 397.481252][T12099] RIP: 0023:0xf7f87549 [ 397.485307][T12099] Code: Bad RIP value. [ 397.489366][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 397.497893][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 397.505863][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 397.513833][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.521811][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 397.529780][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.537759][T12099] Uninit was stored to memory at: [ 397.542789][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.548509][T12099] __msan_chain_origin+0x50/0x90 [ 397.553449][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.558560][T12099] get_compat_msghdr+0x108/0x270 [ 397.563503][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.568010][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.572691][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.578755][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.584912][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.590199][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.595137][T12099] entry_INT80_compat+0x71/0x76 [ 397.599976][T12099] [ 397.602296][T12099] Uninit was stored to memory at: [ 397.607333][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.613053][T12099] __msan_chain_origin+0x50/0x90 [ 397.617994][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.623152][T12099] get_compat_msghdr+0x108/0x270 [ 397.628094][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.632605][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.637279][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.643346][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.649498][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.654784][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.659720][T12099] entry_INT80_compat+0x71/0x76 [ 397.664557][T12099] [ 397.666888][T12099] Uninit was stored to memory at: [ 397.671912][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.677632][T12099] __msan_chain_origin+0x50/0x90 [ 397.682572][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.687703][T12099] get_compat_msghdr+0x108/0x270 [ 397.692644][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.697146][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.701859][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.707922][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.714082][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.719372][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.724306][T12099] entry_INT80_compat+0x71/0x76 [ 397.729143][T12099] [ 397.731467][T12099] Uninit was stored to memory at: [ 397.736621][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.742358][T12099] __msan_chain_origin+0x50/0x90 [ 397.747309][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.752422][T12099] get_compat_msghdr+0x108/0x270 [ 397.757371][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.761889][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.766566][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.772632][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.778785][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.784065][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.789005][T12099] entry_INT80_compat+0x71/0x76 [ 397.793844][T12099] [ 397.796163][T12099] Uninit was stored to memory at: [ 397.801190][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.811252][T12099] __msan_chain_origin+0x50/0x90 [ 397.816201][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.821321][T12099] get_compat_msghdr+0x108/0x270 [ 397.826268][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.830776][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.835457][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.841652][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.847816][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.853113][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.858057][T12099] entry_INT80_compat+0x71/0x76 [ 397.862897][T12099] [ 397.865220][T12099] Uninit was stored to memory at: [ 397.870244][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.875968][T12099] __msan_chain_origin+0x50/0x90 [ 397.880912][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.886026][T12099] get_compat_msghdr+0x108/0x270 [ 397.890962][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.895465][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.900141][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.906211][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.912367][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.917677][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.922600][T12099] entry_INT80_compat+0x71/0x76 [ 397.927433][T12099] [ 397.929747][T12099] Uninit was stored to memory at: [ 397.934758][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 397.940471][T12099] __msan_chain_origin+0x50/0x90 [ 397.945408][T12099] __get_compat_msghdr+0x5be/0x890 [ 397.950509][T12099] get_compat_msghdr+0x108/0x270 [ 397.955435][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 397.959926][T12099] __sys_recvmmsg+0x4ca/0x510 [ 397.964578][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 397.970625][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 397.976769][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 397.982034][T12099] do_int80_syscall_32+0x1d/0x30 [ 397.986953][T12099] entry_INT80_compat+0x71/0x76 [ 397.991785][T12099] [ 397.994093][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 398.000764][T12099] do_recvmmsg+0xc5/0x1ee0 [ 398.005159][T12099] do_recvmmsg+0xc5/0x1ee0 [ 398.099861][T12099] not chained 860000 origins [ 398.104482][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 398.113143][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.123194][T12099] Call Trace: [ 398.126479][T12099] dump_stack+0x1df/0x240 [ 398.130803][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 398.136535][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.141651][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 398.147188][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 398.153235][T12099] ? _copy_from_user+0x15b/0x260 [ 398.158151][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.163243][T12099] __msan_chain_origin+0x50/0x90 [ 398.168167][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.173263][T12099] get_compat_msghdr+0x108/0x270 [ 398.178197][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.182699][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.188533][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 398.194059][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.199153][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 398.204765][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 398.210032][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 398.215655][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 398.220413][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.225111][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 398.230812][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.236877][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 398.243119][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.249255][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.254523][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.259440][T12099] entry_INT80_compat+0x71/0x76 [ 398.264264][T12099] RIP: 0023:0xf7f87549 [ 398.268302][T12099] Code: Bad RIP value. [ 398.272346][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 398.280753][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 398.288709][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 398.296679][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 398.304652][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 398.312605][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 398.320570][T12099] Uninit was stored to memory at: [ 398.325598][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.331307][T12099] __msan_chain_origin+0x50/0x90 [ 398.336245][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.341346][T12099] get_compat_msghdr+0x108/0x270 [ 398.346272][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.350764][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.355427][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.361482][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.367615][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.372876][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.377802][T12099] entry_INT80_compat+0x71/0x76 [ 398.382631][T12099] [ 398.384938][T12099] Uninit was stored to memory at: [ 398.389951][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.395663][T12099] __msan_chain_origin+0x50/0x90 [ 398.400591][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.405682][T12099] get_compat_msghdr+0x108/0x270 [ 398.410593][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.415073][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.419729][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.425782][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.431920][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.437195][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.442122][T12099] entry_INT80_compat+0x71/0x76 [ 398.446940][T12099] [ 398.449245][T12099] Uninit was stored to memory at: [ 398.454247][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.459954][T12099] __msan_chain_origin+0x50/0x90 [ 398.464879][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.470065][T12099] get_compat_msghdr+0x108/0x270 [ 398.474990][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.479469][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.484119][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.490158][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.496317][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.501587][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.506495][T12099] entry_INT80_compat+0x71/0x76 [ 398.511311][T12099] [ 398.513608][T12099] Uninit was stored to memory at: [ 398.518609][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.524310][T12099] __msan_chain_origin+0x50/0x90 [ 398.529223][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.534306][T12099] get_compat_msghdr+0x108/0x270 [ 398.539229][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.543716][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.548367][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.554405][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.560533][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.565804][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.570725][T12099] entry_INT80_compat+0x71/0x76 [ 398.575550][T12099] [ 398.577868][T12099] Uninit was stored to memory at: [ 398.582876][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.588574][T12099] __msan_chain_origin+0x50/0x90 [ 398.593485][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.598573][T12099] get_compat_msghdr+0x108/0x270 [ 398.603484][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.607960][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.612611][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.618654][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.624783][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.630044][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.634952][T12099] entry_INT80_compat+0x71/0x76 [ 398.639768][T12099] [ 398.642068][T12099] Uninit was stored to memory at: [ 398.647078][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.652781][T12099] __msan_chain_origin+0x50/0x90 [ 398.657708][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.662807][T12099] get_compat_msghdr+0x108/0x270 [ 398.667721][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.672197][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.676855][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.682908][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.689040][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.694304][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.699217][T12099] entry_INT80_compat+0x71/0x76 [ 398.704034][T12099] [ 398.706335][T12099] Uninit was stored to memory at: [ 398.711339][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 398.717049][T12099] __msan_chain_origin+0x50/0x90 [ 398.721975][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.727060][T12099] get_compat_msghdr+0x108/0x270 [ 398.731989][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.736478][T12099] __sys_recvmmsg+0x4ca/0x510 [ 398.741140][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 398.747181][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 398.753308][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 398.758581][T12099] do_int80_syscall_32+0x1d/0x30 [ 398.763503][T12099] entry_INT80_compat+0x71/0x76 [ 398.768398][T12099] [ 398.770702][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 398.777363][T12099] do_recvmmsg+0xc5/0x1ee0 [ 398.781781][T12099] do_recvmmsg+0xc5/0x1ee0 [ 398.882303][T12099] not chained 870000 origins [ 398.886938][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 398.895688][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.905746][T12099] Call Trace: [ 398.909043][T12099] dump_stack+0x1df/0x240 [ 398.913380][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 398.919126][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.924244][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 398.929793][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 398.935864][T12099] ? _copy_from_user+0x15b/0x260 [ 398.940799][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.945911][T12099] __msan_chain_origin+0x50/0x90 [ 398.950852][T12099] __get_compat_msghdr+0x5be/0x890 [ 398.955979][T12099] get_compat_msghdr+0x108/0x270 [ 398.960926][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 398.965447][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.971263][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 398.976807][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 398.981917][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 398.987547][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 398.992834][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 398.997600][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 399.002367][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.007050][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 399.012771][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.018847][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 399.025084][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.031240][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.036534][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.041473][T12099] entry_INT80_compat+0x71/0x76 [ 399.046319][T12099] RIP: 0023:0xf7f87549 [ 399.050373][T12099] Code: Bad RIP value. [ 399.054433][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 399.062846][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 399.070819][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 399.078793][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.086761][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 399.094728][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.102711][T12099] Uninit was stored to memory at: [ 399.107747][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.113469][T12099] __msan_chain_origin+0x50/0x90 [ 399.118409][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.123520][T12099] get_compat_msghdr+0x108/0x270 [ 399.128457][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.132959][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.137634][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.143697][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.149849][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.155133][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.160066][T12099] entry_INT80_compat+0x71/0x76 [ 399.164897][T12099] [ 399.167210][T12099] Uninit was stored to memory at: [ 399.172400][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.178093][T12099] __msan_chain_origin+0x50/0x90 [ 399.183007][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.188093][T12099] get_compat_msghdr+0x108/0x270 [ 399.193004][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.197488][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.202148][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.208282][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.214420][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.219680][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.224588][T12099] entry_INT80_compat+0x71/0x76 [ 399.229406][T12099] [ 399.231706][T12099] Uninit was stored to memory at: [ 399.236708][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.242397][T12099] __msan_chain_origin+0x50/0x90 [ 399.247325][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.252420][T12099] get_compat_msghdr+0x108/0x270 [ 399.257332][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.261853][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.266511][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.272562][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.278688][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.283945][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.288858][T12099] entry_INT80_compat+0x71/0x76 [ 399.293715][T12099] [ 399.296015][T12099] Uninit was stored to memory at: [ 399.301013][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.306716][T12099] __msan_chain_origin+0x50/0x90 [ 399.311640][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.316734][T12099] get_compat_msghdr+0x108/0x270 [ 399.321655][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.326141][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.330801][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.336847][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.342984][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.348245][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.353154][T12099] entry_INT80_compat+0x71/0x76 [ 399.357970][T12099] [ 399.360268][T12099] Uninit was stored to memory at: [ 399.365278][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.370980][T12099] __msan_chain_origin+0x50/0x90 [ 399.375900][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.380982][T12099] get_compat_msghdr+0x108/0x270 [ 399.385899][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.390388][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.395045][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.401094][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.407240][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.412507][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.417423][T12099] entry_INT80_compat+0x71/0x76 [ 399.422249][T12099] [ 399.424548][T12099] Uninit was stored to memory at: [ 399.429548][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.435252][T12099] __msan_chain_origin+0x50/0x90 [ 399.440174][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.445273][T12099] get_compat_msghdr+0x108/0x270 [ 399.450196][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.454671][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.459322][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.465371][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.471512][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.476772][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.481682][T12099] entry_INT80_compat+0x71/0x76 [ 399.486507][T12099] [ 399.488817][T12099] Uninit was stored to memory at: [ 399.493852][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.499605][T12099] __msan_chain_origin+0x50/0x90 [ 399.504530][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.509618][T12099] get_compat_msghdr+0x108/0x270 [ 399.514527][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.519020][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.523673][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.529719][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.535858][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.541130][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.546047][T12099] entry_INT80_compat+0x71/0x76 [ 399.550876][T12099] [ 399.553176][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 399.559828][T12099] do_recvmmsg+0xc5/0x1ee0 [ 399.564216][T12099] do_recvmmsg+0xc5/0x1ee0 [ 399.667610][T12099] not chained 880000 origins [ 399.672239][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 399.680999][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.691052][T12099] Call Trace: [ 399.694360][T12099] dump_stack+0x1df/0x240 [ 399.698693][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 399.704425][T12099] ? unix_stream_sendmsg+0x1ab0/0x1ab0 [ 399.709900][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 399.715009][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 399.720559][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 399.726644][T12099] ? _copy_from_user+0x15b/0x260 [ 399.731582][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 399.736691][T12099] __msan_chain_origin+0x50/0x90 [ 399.741638][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.746768][T12099] get_compat_msghdr+0x108/0x270 [ 399.751717][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.756240][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 399.762052][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 399.767595][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 399.772704][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 399.778336][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 399.783624][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 399.788386][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 399.793142][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.797806][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 399.803505][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.809554][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 399.815769][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.821895][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.827193][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.832132][T12099] entry_INT80_compat+0x71/0x76 [ 399.836955][T12099] RIP: 0023:0xf7f87549 [ 399.841052][T12099] Code: Bad RIP value. [ 399.845104][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 399.853517][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 399.861467][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 399.869428][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.877388][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 399.885340][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.893417][T12099] Uninit was stored to memory at: [ 399.898421][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.904120][T12099] __msan_chain_origin+0x50/0x90 [ 399.909045][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.914131][T12099] get_compat_msghdr+0x108/0x270 [ 399.919046][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.923522][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.928187][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.934253][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 399.940395][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 399.945668][T12099] do_int80_syscall_32+0x1d/0x30 [ 399.950589][T12099] entry_INT80_compat+0x71/0x76 [ 399.955409][T12099] [ 399.957719][T12099] Uninit was stored to memory at: [ 399.962720][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 399.968415][T12099] __msan_chain_origin+0x50/0x90 [ 399.973328][T12099] __get_compat_msghdr+0x5be/0x890 [ 399.978413][T12099] get_compat_msghdr+0x108/0x270 [ 399.983337][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 399.987815][T12099] __sys_recvmmsg+0x4ca/0x510 [ 399.992463][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 399.998505][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.004632][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.009893][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.014800][T12099] entry_INT80_compat+0x71/0x76 [ 400.019620][T12099] [ 400.021920][T12099] Uninit was stored to memory at: [ 400.026921][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.032612][T12099] __msan_chain_origin+0x50/0x90 [ 400.037524][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.042619][T12099] get_compat_msghdr+0x108/0x270 [ 400.047532][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.052182][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.056838][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.062880][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.069009][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.074278][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.079193][T12099] entry_INT80_compat+0x71/0x76 [ 400.084013][T12099] [ 400.086326][T12099] Uninit was stored to memory at: [ 400.091340][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.097037][T12099] __msan_chain_origin+0x50/0x90 [ 400.101950][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.107049][T12099] get_compat_msghdr+0x108/0x270 [ 400.111976][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.116455][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.121106][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.127147][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.133273][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.138534][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.143441][T12099] entry_INT80_compat+0x71/0x76 [ 400.148257][T12099] [ 400.150559][T12099] Uninit was stored to memory at: [ 400.155566][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.161269][T12099] __msan_chain_origin+0x50/0x90 [ 400.166194][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.171290][T12099] get_compat_msghdr+0x108/0x270 [ 400.176210][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.180697][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.185359][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.191409][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.197548][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.202817][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.207737][T12099] entry_INT80_compat+0x71/0x76 [ 400.212562][T12099] [ 400.214866][T12099] Uninit was stored to memory at: [ 400.219877][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.225580][T12099] __msan_chain_origin+0x50/0x90 [ 400.230506][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.235609][T12099] get_compat_msghdr+0x108/0x270 [ 400.240529][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.245016][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.249677][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.255723][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.261859][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.267121][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.272035][T12099] entry_INT80_compat+0x71/0x76 [ 400.276854][T12099] [ 400.279162][T12099] Uninit was stored to memory at: [ 400.284174][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.289868][T12099] __msan_chain_origin+0x50/0x90 [ 400.294784][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.299878][T12099] get_compat_msghdr+0x108/0x270 [ 400.304797][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.309287][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.313939][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.319977][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.326122][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.331446][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.336362][T12099] entry_INT80_compat+0x71/0x76 [ 400.341182][T12099] [ 400.343485][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 400.350137][T12099] do_recvmmsg+0xc5/0x1ee0 [ 400.354530][T12099] do_recvmmsg+0xc5/0x1ee0 [ 400.453749][T12099] not chained 890000 origins [ 400.458376][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 400.467043][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.477275][T12099] Call Trace: [ 400.480572][T12099] dump_stack+0x1df/0x240 [ 400.484912][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 400.490654][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 400.495770][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 400.501315][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 400.507390][T12099] ? _copy_from_user+0x15b/0x260 [ 400.512325][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 400.517436][T12099] __msan_chain_origin+0x50/0x90 [ 400.522384][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.527514][T12099] get_compat_msghdr+0x108/0x270 [ 400.532466][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.536988][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 400.542799][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 400.548345][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 400.553455][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 400.559350][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 400.564641][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 400.569420][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 400.574196][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.578882][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 400.584605][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.590682][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 400.596925][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.603080][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.608389][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.613325][T12099] entry_INT80_compat+0x71/0x76 [ 400.618168][T12099] RIP: 0023:0xf7f87549 [ 400.622232][T12099] Code: Bad RIP value. [ 400.626289][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 400.634696][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 400.642673][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 400.650646][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 400.658750][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 400.666711][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 400.674667][T12099] Uninit was stored to memory at: [ 400.679680][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.685375][T12099] __msan_chain_origin+0x50/0x90 [ 400.690306][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.695416][T12099] get_compat_msghdr+0x108/0x270 [ 400.700351][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.704849][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.709512][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.715564][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.721704][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.727013][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.731924][T12099] entry_INT80_compat+0x71/0x76 [ 400.736745][T12099] [ 400.739195][T12099] Uninit was stored to memory at: [ 400.744205][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.749897][T12099] __msan_chain_origin+0x50/0x90 [ 400.754820][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.759921][T12099] get_compat_msghdr+0x108/0x270 [ 400.764844][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.769331][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.773983][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.780023][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.786150][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.791409][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.796328][T12099] entry_INT80_compat+0x71/0x76 [ 400.801160][T12099] [ 400.803475][T12099] Uninit was stored to memory at: [ 400.808481][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.814182][T12099] __msan_chain_origin+0x50/0x90 [ 400.819188][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.824273][T12099] get_compat_msghdr+0x108/0x270 [ 400.829197][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.833688][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.838350][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.844389][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.850518][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.855792][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.860718][T12099] entry_INT80_compat+0x71/0x76 [ 400.865549][T12099] [ 400.867848][T12099] Uninit was stored to memory at: [ 400.872845][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.878563][T12099] __msan_chain_origin+0x50/0x90 [ 400.883488][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.888587][T12099] get_compat_msghdr+0x108/0x270 [ 400.893512][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.897992][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.902646][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.908684][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.914819][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.920089][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.925008][T12099] entry_INT80_compat+0x71/0x76 [ 400.929837][T12099] [ 400.932137][T12099] Uninit was stored to memory at: [ 400.937148][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 400.942852][T12099] __msan_chain_origin+0x50/0x90 [ 400.947764][T12099] __get_compat_msghdr+0x5be/0x890 [ 400.952847][T12099] get_compat_msghdr+0x108/0x270 [ 400.957773][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 400.962260][T12099] __sys_recvmmsg+0x4ca/0x510 [ 400.966922][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 400.972986][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 400.979129][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 400.984387][T12099] do_int80_syscall_32+0x1d/0x30 [ 400.989297][T12099] entry_INT80_compat+0x71/0x76 [ 400.994114][T12099] [ 400.996419][T12099] Uninit was stored to memory at: [ 401.001435][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.007128][T12099] __msan_chain_origin+0x50/0x90 [ 401.012040][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.017135][T12099] get_compat_msghdr+0x108/0x270 [ 401.022059][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.026535][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.031185][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.037235][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.043374][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.048644][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.053553][T12099] entry_INT80_compat+0x71/0x76 [ 401.058371][T12099] [ 401.060678][T12099] Uninit was stored to memory at: [ 401.065696][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.071398][T12099] __msan_chain_origin+0x50/0x90 [ 401.076320][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.081417][T12099] get_compat_msghdr+0x108/0x270 [ 401.086326][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.090802][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.095462][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.101515][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.107644][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.112900][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.117811][T12099] entry_INT80_compat+0x71/0x76 [ 401.122631][T12099] [ 401.124934][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 401.131580][T12099] do_recvmmsg+0xc5/0x1ee0 [ 401.135979][T12099] do_recvmmsg+0xc5/0x1ee0 [ 401.233486][T12099] not chained 900000 origins [ 401.238112][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 401.246780][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.256830][T12099] Call Trace: [ 401.260126][T12099] dump_stack+0x1df/0x240 [ 401.264461][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 401.270207][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 401.275317][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 401.280862][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 401.286936][T12099] ? _copy_from_user+0x15b/0x260 [ 401.291874][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 401.296985][T12099] __msan_chain_origin+0x50/0x90 [ 401.301926][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.307053][T12099] get_compat_msghdr+0x108/0x270 [ 401.311997][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.316517][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 401.322327][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 401.328014][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 401.333126][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 401.338764][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 401.344062][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 401.348913][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 401.353679][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.358364][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 401.364086][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.370163][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 401.376404][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.382569][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.387864][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.392806][T12099] entry_INT80_compat+0x71/0x76 [ 401.397649][T12099] RIP: 0023:0xf7f87549 [ 401.401960][T12099] Code: Bad RIP value. [ 401.406007][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 401.414407][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 401.422367][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 401.430313][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 401.438263][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 401.446228][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 401.454198][T12099] Uninit was stored to memory at: [ 401.459204][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.464908][T12099] __msan_chain_origin+0x50/0x90 [ 401.469840][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.475020][T12099] get_compat_msghdr+0x108/0x270 [ 401.479943][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.484419][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.489069][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.495119][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.501256][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.506526][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.511446][T12099] entry_INT80_compat+0x71/0x76 [ 401.516269][T12099] [ 401.518579][T12099] Uninit was stored to memory at: [ 401.523581][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.529273][T12099] __msan_chain_origin+0x50/0x90 [ 401.534182][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.539266][T12099] get_compat_msghdr+0x108/0x270 [ 401.544177][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.548656][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.553304][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.559343][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.565479][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.570751][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.575669][T12099] entry_INT80_compat+0x71/0x76 [ 401.580496][T12099] [ 401.582795][T12099] Uninit was stored to memory at: [ 401.587793][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.593583][T12099] __msan_chain_origin+0x50/0x90 [ 401.598497][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.603582][T12099] get_compat_msghdr+0x108/0x270 [ 401.608492][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.612968][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.617627][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.623678][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.629916][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.635191][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.640119][T12099] entry_INT80_compat+0x71/0x76 [ 401.644946][T12099] [ 401.647262][T12099] Uninit was stored to memory at: [ 401.652277][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.657973][T12099] __msan_chain_origin+0x50/0x90 [ 401.662886][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.667980][T12099] get_compat_msghdr+0x108/0x270 [ 401.672902][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.677387][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.682040][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.688087][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.694230][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.699495][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.704407][T12099] entry_INT80_compat+0x71/0x76 [ 401.709226][T12099] [ 401.711526][T12099] Uninit was stored to memory at: [ 401.716542][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.722246][T12099] __msan_chain_origin+0x50/0x90 [ 401.727177][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.732274][T12099] get_compat_msghdr+0x108/0x270 [ 401.737200][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.741688][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.746342][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.752385][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.758526][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.763799][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.768725][T12099] entry_INT80_compat+0x71/0x76 [ 401.773561][T12099] [ 401.775874][T12099] Uninit was stored to memory at: [ 401.780892][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.786591][T12099] __msan_chain_origin+0x50/0x90 [ 401.791513][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.796602][T12099] get_compat_msghdr+0x108/0x270 [ 401.801517][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.806011][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.810688][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.816754][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.822897][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.828160][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.833077][T12099] entry_INT80_compat+0x71/0x76 [ 401.837932][T12099] [ 401.840249][T12099] Uninit was stored to memory at: [ 401.845260][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 401.851576][T12099] __msan_chain_origin+0x50/0x90 [ 401.856521][T12099] __get_compat_msghdr+0x5be/0x890 [ 401.861624][T12099] get_compat_msghdr+0x108/0x270 [ 401.866555][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 401.871048][T12099] __sys_recvmmsg+0x4ca/0x510 [ 401.875721][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 401.881787][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 401.887930][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 401.893189][T12099] do_int80_syscall_32+0x1d/0x30 [ 401.898101][T12099] entry_INT80_compat+0x71/0x76 [ 401.902922][T12099] [ 401.905233][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 401.911894][T12099] do_recvmmsg+0xc5/0x1ee0 [ 401.916298][T12099] do_recvmmsg+0xc5/0x1ee0 [ 402.015158][T12099] not chained 910000 origins [ 402.019767][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 402.028416][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.038470][T12099] Call Trace: [ 402.041769][T12099] dump_stack+0x1df/0x240 [ 402.046111][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 402.051861][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.056975][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 402.062525][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 402.068600][T12099] ? _copy_from_user+0x15b/0x260 [ 402.073545][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.078658][T12099] __msan_chain_origin+0x50/0x90 [ 402.083611][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.088746][T12099] get_compat_msghdr+0x108/0x270 [ 402.094652][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.099184][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.105031][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 402.110577][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.115694][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 402.121331][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 402.126623][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 402.131389][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 402.136161][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.140850][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 402.146573][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.152650][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 402.158895][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.165053][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.170364][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.175312][T12099] entry_INT80_compat+0x71/0x76 [ 402.180164][T12099] RIP: 0023:0xf7f87549 [ 402.184219][T12099] Code: Bad RIP value. [ 402.188282][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 402.196695][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 402.204665][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 402.212632][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 402.220600][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 402.228569][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 402.236550][T12099] Uninit was stored to memory at: [ 402.241579][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.247298][T12099] __msan_chain_origin+0x50/0x90 [ 402.252256][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.257373][T12099] get_compat_msghdr+0x108/0x270 [ 402.262311][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.266815][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.271492][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.277560][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.283713][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.289002][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.293941][T12099] entry_INT80_compat+0x71/0x76 [ 402.298776][T12099] [ 402.301096][T12099] Uninit was stored to memory at: [ 402.306131][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.311847][T12099] __msan_chain_origin+0x50/0x90 [ 402.316789][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.321904][T12099] get_compat_msghdr+0x108/0x270 [ 402.326844][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.331344][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.336021][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.342094][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.348255][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.353544][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.358483][T12099] entry_INT80_compat+0x71/0x76 [ 402.363318][T12099] [ 402.365634][T12099] Uninit was stored to memory at: [ 402.370659][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.376377][T12099] __msan_chain_origin+0x50/0x90 [ 402.381303][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.386401][T12099] get_compat_msghdr+0x108/0x270 [ 402.391336][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.395836][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.400501][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.406546][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.412675][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.417950][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.422874][T12099] entry_INT80_compat+0x71/0x76 [ 402.427699][T12099] [ 402.430006][T12099] Uninit was stored to memory at: [ 402.435026][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.440737][T12099] __msan_chain_origin+0x50/0x90 [ 402.445656][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.451239][T12099] get_compat_msghdr+0x108/0x270 [ 402.456169][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.460659][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.465329][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.471384][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.477519][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.482791][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.487705][T12099] entry_INT80_compat+0x71/0x76 [ 402.492524][T12099] [ 402.494835][T12099] Uninit was stored to memory at: [ 402.499847][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.505552][T12099] __msan_chain_origin+0x50/0x90 [ 402.510480][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.515584][T12099] get_compat_msghdr+0x108/0x270 [ 402.520512][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.525000][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.529708][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.535904][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.542045][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.547309][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.552660][T12099] entry_INT80_compat+0x71/0x76 [ 402.557490][T12099] [ 402.559803][T12099] Uninit was stored to memory at: [ 402.564804][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.570550][T12099] __msan_chain_origin+0x50/0x90 [ 402.575482][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.580580][T12099] get_compat_msghdr+0x108/0x270 [ 402.585579][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.590225][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.594889][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.600945][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.607077][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.612338][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.617259][T12099] entry_INT80_compat+0x71/0x76 [ 402.622086][T12099] [ 402.624392][T12099] Uninit was stored to memory at: [ 402.629453][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 402.635162][T12099] __msan_chain_origin+0x50/0x90 [ 402.640090][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.645178][T12099] get_compat_msghdr+0x108/0x270 [ 402.650121][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.654616][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.659286][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.665336][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.671568][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.676846][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.681772][T12099] entry_INT80_compat+0x71/0x76 [ 402.686607][T12099] [ 402.688914][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 402.695581][T12099] do_recvmmsg+0xc5/0x1ee0 [ 402.700005][T12099] do_recvmmsg+0xc5/0x1ee0 [ 402.808504][T12099] not chained 920000 origins [ 402.813227][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 402.821899][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.831955][T12099] Call Trace: [ 402.835255][T12099] dump_stack+0x1df/0x240 [ 402.839593][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 402.845342][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.851115][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 402.856672][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 402.862748][T12099] ? _copy_from_user+0x15b/0x260 [ 402.867699][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.872820][T12099] __msan_chain_origin+0x50/0x90 [ 402.877766][T12099] __get_compat_msghdr+0x5be/0x890 [ 402.882902][T12099] get_compat_msghdr+0x108/0x270 [ 402.887847][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 402.892352][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 402.898147][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 402.903678][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 402.908782][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 402.914408][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 402.919692][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 402.924442][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 402.929205][T12099] __sys_recvmmsg+0x4ca/0x510 [ 402.933871][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 402.939576][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 402.945632][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 402.951854][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 402.957994][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 402.963270][T12099] do_int80_syscall_32+0x1d/0x30 [ 402.968193][T12099] entry_INT80_compat+0x71/0x76 [ 402.973022][T12099] RIP: 0023:0xf7f87549 [ 402.977069][T12099] Code: Bad RIP value. [ 402.981121][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 402.989514][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 402.997468][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 403.005508][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.013549][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 403.021502][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.029639][T12099] Uninit was stored to memory at: [ 403.034650][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.040351][T12099] __msan_chain_origin+0x50/0x90 [ 403.045276][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.050377][T12099] get_compat_msghdr+0x108/0x270 [ 403.055295][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.059785][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.064443][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.070491][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.076632][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.081899][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.086818][T12099] entry_INT80_compat+0x71/0x76 [ 403.091643][T12099] [ 403.093948][T12099] Uninit was stored to memory at: [ 403.098957][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.104657][T12099] __msan_chain_origin+0x50/0x90 [ 403.109579][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.114671][T12099] get_compat_msghdr+0x108/0x270 [ 403.119604][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.124108][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.128773][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.134825][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.140961][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.146234][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.151154][T12099] entry_INT80_compat+0x71/0x76 [ 403.155977][T12099] [ 403.158282][T12099] Uninit was stored to memory at: [ 403.163287][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.168988][T12099] __msan_chain_origin+0x50/0x90 [ 403.173908][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.179003][T12099] get_compat_msghdr+0x108/0x270 [ 403.184008][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.188492][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.193170][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.199218][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.205356][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.210626][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.215546][T12099] entry_INT80_compat+0x71/0x76 [ 403.220367][T12099] [ 403.222679][T12099] Uninit was stored to memory at: [ 403.227686][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.233387][T12099] __msan_chain_origin+0x50/0x90 [ 403.238310][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.243405][T12099] get_compat_msghdr+0x108/0x270 [ 403.248323][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.252809][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.257470][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.263515][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.269652][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.274923][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.279841][T12099] entry_INT80_compat+0x71/0x76 [ 403.284665][T12099] [ 403.286970][T12099] Uninit was stored to memory at: [ 403.291975][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.297676][T12099] __msan_chain_origin+0x50/0x90 [ 403.302596][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.307690][T12099] get_compat_msghdr+0x108/0x270 [ 403.312608][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.317095][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.321752][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.327804][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.333941][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.339208][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.344127][T12099] entry_INT80_compat+0x71/0x76 [ 403.348949][T12099] [ 403.351256][T12099] Uninit was stored to memory at: [ 403.356264][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.361963][T12099] __msan_chain_origin+0x50/0x90 [ 403.366882][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.371976][T12099] get_compat_msghdr+0x108/0x270 [ 403.376893][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.381379][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.386036][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.392083][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.398222][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.403489][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.408406][T12099] entry_INT80_compat+0x71/0x76 [ 403.413229][T12099] [ 403.415535][T12099] Uninit was stored to memory at: [ 403.420542][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.426241][T12099] __msan_chain_origin+0x50/0x90 [ 403.431248][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.436346][T12099] get_compat_msghdr+0x108/0x270 [ 403.441265][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.445752][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.450414][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.456462][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.462599][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.467867][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.472788][T12099] entry_INT80_compat+0x71/0x76 [ 403.477613][T12099] [ 403.479922][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 403.486576][T12099] do_recvmmsg+0xc5/0x1ee0 [ 403.490972][T12099] do_recvmmsg+0xc5/0x1ee0 [ 403.640750][T12099] not chained 930000 origins [ 403.645385][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 403.654501][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.664552][T12099] Call Trace: [ 403.667844][T12099] dump_stack+0x1df/0x240 [ 403.672196][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 403.677942][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 403.683066][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 403.688651][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 403.694723][T12099] ? _copy_from_user+0x15b/0x260 [ 403.699696][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 403.704811][T12099] __msan_chain_origin+0x50/0x90 [ 403.709755][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.714884][T12099] get_compat_msghdr+0x108/0x270 [ 403.719857][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.724379][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 403.730198][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 403.735744][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 403.740855][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 403.746488][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 403.752261][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 403.757023][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 403.761793][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.766475][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 403.772198][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.778273][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 403.784515][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.790670][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.795966][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.800904][T12099] entry_INT80_compat+0x71/0x76 [ 403.805751][T12099] RIP: 0023:0xf7f87549 [ 403.809836][T12099] Code: Bad RIP value. [ 403.813893][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 403.822301][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 403.830267][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 403.838242][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.846223][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 403.854298][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.862263][T12099] Uninit was stored to memory at: [ 403.867269][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.872968][T12099] __msan_chain_origin+0x50/0x90 [ 403.877880][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.882967][T12099] get_compat_msghdr+0x108/0x270 [ 403.887885][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.892360][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.897011][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.903048][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.909180][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.914442][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.919352][T12099] entry_INT80_compat+0x71/0x76 [ 403.924172][T12099] [ 403.926489][T12099] Uninit was stored to memory at: [ 403.931503][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 403.937205][T12099] __msan_chain_origin+0x50/0x90 [ 403.942121][T12099] __get_compat_msghdr+0x5be/0x890 [ 403.947221][T12099] get_compat_msghdr+0x108/0x270 [ 403.952163][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 403.956657][T12099] __sys_recvmmsg+0x4ca/0x510 [ 403.961318][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 403.967363][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 403.973491][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 403.978751][T12099] do_int80_syscall_32+0x1d/0x30 [ 403.983662][T12099] entry_INT80_compat+0x71/0x76 [ 403.988483][T12099] [ 403.990783][T12099] Uninit was stored to memory at: [ 403.995782][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.001474][T12099] __msan_chain_origin+0x50/0x90 [ 404.006397][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.011507][T12099] get_compat_msghdr+0x108/0x270 [ 404.016418][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.020893][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.025552][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.031601][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.037726][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.042991][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.047901][T12099] entry_INT80_compat+0x71/0x76 [ 404.052716][T12099] [ 404.055021][T12099] Uninit was stored to memory at: [ 404.060033][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.065733][T12099] __msan_chain_origin+0x50/0x90 [ 404.070655][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.075738][T12099] get_compat_msghdr+0x108/0x270 [ 404.080649][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.085136][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.089798][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.095839][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.101974][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.107233][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.112146][T12099] entry_INT80_compat+0x71/0x76 [ 404.116961][T12099] [ 404.119267][T12099] Uninit was stored to memory at: [ 404.124282][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.129989][T12099] __msan_chain_origin+0x50/0x90 [ 404.134903][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.139989][T12099] get_compat_msghdr+0x108/0x270 [ 404.144909][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.149398][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.154047][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.160086][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.166230][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.171513][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.176435][T12099] entry_INT80_compat+0x71/0x76 [ 404.181256][T12099] [ 404.183557][T12099] Uninit was stored to memory at: [ 404.188559][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.194257][T12099] __msan_chain_origin+0x50/0x90 [ 404.199171][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.204266][T12099] get_compat_msghdr+0x108/0x270 [ 404.209186][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.213660][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.218313][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.224359][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.230496][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.235754][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.240665][T12099] entry_INT80_compat+0x71/0x76 [ 404.245485][T12099] [ 404.247798][T12099] Uninit was stored to memory at: [ 404.252799][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.258491][T12099] __msan_chain_origin+0x50/0x90 [ 404.263403][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.268488][T12099] get_compat_msghdr+0x108/0x270 [ 404.273398][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.277887][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.282546][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.288587][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.294715][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.299974][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.304892][T12099] entry_INT80_compat+0x71/0x76 [ 404.309720][T12099] [ 404.312020][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 404.318666][T12099] do_recvmmsg+0xc5/0x1ee0 [ 404.323053][T12099] do_recvmmsg+0xc5/0x1ee0 [ 404.504002][T12099] not chained 940000 origins [ 404.508611][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 404.517266][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.527296][T12099] Call Trace: [ 404.530571][T12099] dump_stack+0x1df/0x240 [ 404.534883][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 404.540590][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 404.545691][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 404.551228][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 404.557278][T12099] ? _copy_from_user+0x15b/0x260 [ 404.562213][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 404.567323][T12099] __msan_chain_origin+0x50/0x90 [ 404.572270][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.577399][T12099] get_compat_msghdr+0x108/0x270 [ 404.582343][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.586952][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 404.592753][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 404.598277][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 404.603362][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 404.608983][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 404.614273][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 404.619030][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 404.623770][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.628429][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 404.634151][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.640213][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 404.646437][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.652569][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.657836][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.662749][T12099] entry_INT80_compat+0x71/0x76 [ 404.667574][T12099] RIP: 0023:0xf7f87549 [ 404.671613][T12099] Code: Bad RIP value. [ 404.675655][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 404.684050][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 404.692125][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 404.700071][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 404.708019][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 404.715975][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 404.723942][T12099] Uninit was stored to memory at: [ 404.728945][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.734644][T12099] __msan_chain_origin+0x50/0x90 [ 404.739556][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.744642][T12099] get_compat_msghdr+0x108/0x270 [ 404.749551][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.754038][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.758701][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.764739][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.770863][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.776124][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.781034][T12099] entry_INT80_compat+0x71/0x76 [ 404.785849][T12099] [ 404.788148][T12099] Uninit was stored to memory at: [ 404.793158][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.798855][T12099] __msan_chain_origin+0x50/0x90 [ 404.803768][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.808858][T12099] get_compat_msghdr+0x108/0x270 [ 404.813772][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.818250][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.822900][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.828958][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.835110][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.840371][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.845281][T12099] entry_INT80_compat+0x71/0x76 [ 404.850747][T12099] [ 404.853058][T12099] Uninit was stored to memory at: [ 404.858070][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.863764][T12099] __msan_chain_origin+0x50/0x90 [ 404.868678][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.873762][T12099] get_compat_msghdr+0x108/0x270 [ 404.878675][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.883153][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.887804][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.893845][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.899973][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.905232][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.910140][T12099] entry_INT80_compat+0x71/0x76 [ 404.914957][T12099] [ 404.917256][T12099] Uninit was stored to memory at: [ 404.922252][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.927945][T12099] __msan_chain_origin+0x50/0x90 [ 404.932858][T12099] __get_compat_msghdr+0x5be/0x890 [ 404.937954][T12099] get_compat_msghdr+0x108/0x270 [ 404.942884][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 404.947363][T12099] __sys_recvmmsg+0x4ca/0x510 [ 404.952012][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 404.958050][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 404.964177][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 404.969434][T12099] do_int80_syscall_32+0x1d/0x30 [ 404.974344][T12099] entry_INT80_compat+0x71/0x76 [ 404.979161][T12099] [ 404.981460][T12099] Uninit was stored to memory at: [ 404.986460][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 404.992153][T12099] __msan_chain_origin+0x50/0x90 [ 404.997066][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.002265][T12099] get_compat_msghdr+0x108/0x270 [ 405.007178][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.011651][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.016303][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.022344][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.028466][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.033724][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.038632][T12099] entry_INT80_compat+0x71/0x76 [ 405.043447][T12099] [ 405.045752][T12099] Uninit was stored to memory at: [ 405.050760][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.056454][T12099] __msan_chain_origin+0x50/0x90 [ 405.061364][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.066446][T12099] get_compat_msghdr+0x108/0x270 [ 405.071353][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.075830][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.080479][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.086528][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.092683][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.097946][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.102855][T12099] entry_INT80_compat+0x71/0x76 [ 405.107672][T12099] [ 405.109970][T12099] Uninit was stored to memory at: [ 405.114968][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.120664][T12099] __msan_chain_origin+0x50/0x90 [ 405.125573][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.130655][T12099] get_compat_msghdr+0x108/0x270 [ 405.135566][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.140040][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.144688][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.150724][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.156860][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.162129][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.167039][T12099] entry_INT80_compat+0x71/0x76 [ 405.171856][T12099] [ 405.174162][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 405.180817][T12099] do_recvmmsg+0xc5/0x1ee0 [ 405.185207][T12099] do_recvmmsg+0xc5/0x1ee0 [ 405.289419][T12099] not chained 950000 origins [ 405.294045][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 405.302710][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.312759][T12099] Call Trace: [ 405.316054][T12099] dump_stack+0x1df/0x240 [ 405.320393][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 405.326141][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 405.331257][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 405.336803][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 405.342877][T12099] ? _copy_from_user+0x15b/0x260 [ 405.347814][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 405.352928][T12099] __msan_chain_origin+0x50/0x90 [ 405.357878][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.363017][T12099] get_compat_msghdr+0x108/0x270 [ 405.367964][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.372486][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 405.378298][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 405.383850][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 405.388964][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 405.394603][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 405.399894][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 405.404663][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 405.409434][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.414122][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 405.419846][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.425924][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 405.432172][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.438344][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.443640][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.448581][T12099] entry_INT80_compat+0x71/0x76 [ 405.453428][T12099] RIP: 0023:0xf7f87549 [ 405.457484][T12099] Code: Bad RIP value. [ 405.461545][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 405.469958][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 405.477928][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 405.485903][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 405.493874][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 405.501844][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 405.509828][T12099] Uninit was stored to memory at: [ 405.514860][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.520579][T12099] __msan_chain_origin+0x50/0x90 [ 405.525519][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.530643][T12099] get_compat_msghdr+0x108/0x270 [ 405.535554][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.540034][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.544686][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.550727][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.556862][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.562127][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.567038][T12099] entry_INT80_compat+0x71/0x76 [ 405.571857][T12099] [ 405.574166][T12099] Uninit was stored to memory at: [ 405.579177][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.584870][T12099] __msan_chain_origin+0x50/0x90 [ 405.589786][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.594870][T12099] get_compat_msghdr+0x108/0x270 [ 405.599782][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.604260][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.608913][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.614958][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.621106][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.626371][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.631290][T12099] entry_INT80_compat+0x71/0x76 [ 405.636111][T12099] [ 405.638414][T12099] Uninit was stored to memory at: [ 405.643419][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.649527][T12099] __msan_chain_origin+0x50/0x90 [ 405.654443][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.659533][T12099] get_compat_msghdr+0x108/0x270 [ 405.664508][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.668999][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.673658][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.679706][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.685838][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.691104][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.696028][T12099] entry_INT80_compat+0x71/0x76 [ 405.700866][T12099] [ 405.703183][T12099] Uninit was stored to memory at: [ 405.708187][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.713891][T12099] __msan_chain_origin+0x50/0x90 [ 405.718816][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.723914][T12099] get_compat_msghdr+0x108/0x270 [ 405.728935][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.733504][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.738162][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.744201][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.750336][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.755612][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.760535][T12099] entry_INT80_compat+0x71/0x76 [ 405.765352][T12099] [ 405.767655][T12099] Uninit was stored to memory at: [ 405.772653][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.778347][T12099] __msan_chain_origin+0x50/0x90 [ 405.783262][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.788349][T12099] get_compat_msghdr+0x108/0x270 [ 405.793259][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.797736][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.802387][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.808426][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.814556][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.819817][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.824731][T12099] entry_INT80_compat+0x71/0x76 [ 405.829553][T12099] [ 405.831854][T12099] Uninit was stored to memory at: [ 405.836871][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.842585][T12099] __msan_chain_origin+0x50/0x90 [ 405.847512][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.852613][T12099] get_compat_msghdr+0x108/0x270 [ 405.857530][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.862013][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.866666][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.872708][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.878838][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.884102][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.889028][T12099] entry_INT80_compat+0x71/0x76 [ 405.893860][T12099] [ 405.896176][T12099] Uninit was stored to memory at: [ 405.901183][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 405.906888][T12099] __msan_chain_origin+0x50/0x90 [ 405.911815][T12099] __get_compat_msghdr+0x5be/0x890 [ 405.916902][T12099] get_compat_msghdr+0x108/0x270 [ 405.921816][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 405.926294][T12099] __sys_recvmmsg+0x4ca/0x510 [ 405.930957][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 405.937014][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 405.943145][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 405.948408][T12099] do_int80_syscall_32+0x1d/0x30 [ 405.953320][T12099] entry_INT80_compat+0x71/0x76 [ 405.958138][T12099] [ 405.960441][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 405.967090][T12099] do_recvmmsg+0xc5/0x1ee0 [ 405.971478][T12099] do_recvmmsg+0xc5/0x1ee0 [ 406.072087][T12099] not chained 960000 origins [ 406.076715][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 406.085381][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.095431][T12099] Call Trace: [ 406.098730][T12099] dump_stack+0x1df/0x240 [ 406.103076][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 406.108835][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.113955][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 406.119507][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 406.125581][T12099] ? _copy_from_user+0x15b/0x260 [ 406.130529][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.135641][T12099] __msan_chain_origin+0x50/0x90 [ 406.140588][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.145718][T12099] get_compat_msghdr+0x108/0x270 [ 406.150668][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.155194][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 406.161009][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 406.166555][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.171674][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 406.177308][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 406.182596][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 406.187359][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 406.192128][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.196814][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 406.202539][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.208613][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 406.214854][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.221037][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.226330][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.231274][T12099] entry_INT80_compat+0x71/0x76 [ 406.236148][T12099] RIP: 0023:0xf7f87549 [ 406.240204][T12099] Code: Bad RIP value. [ 406.244262][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 406.252666][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 406.260613][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 406.268562][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 406.276509][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 406.284457][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 406.292420][T12099] Uninit was stored to memory at: [ 406.297439][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.303141][T12099] __msan_chain_origin+0x50/0x90 [ 406.308059][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.313150][T12099] get_compat_msghdr+0x108/0x270 [ 406.318061][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.322539][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.327192][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.333246][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.339388][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.344648][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.349560][T12099] entry_INT80_compat+0x71/0x76 [ 406.354379][T12099] [ 406.356678][T12099] Uninit was stored to memory at: [ 406.361676][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.367368][T12099] __msan_chain_origin+0x50/0x90 [ 406.372284][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.377381][T12099] get_compat_msghdr+0x108/0x270 [ 406.382305][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.386784][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.391437][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.397482][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.403609][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.408873][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.413795][T12099] entry_INT80_compat+0x71/0x76 [ 406.418632][T12099] [ 406.420937][T12099] Uninit was stored to memory at: [ 406.425940][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.431634][T12099] __msan_chain_origin+0x50/0x90 [ 406.436546][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.441631][T12099] get_compat_msghdr+0x108/0x270 [ 406.446542][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.451021][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.455684][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.461735][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.467863][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.473127][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.478041][T12099] entry_INT80_compat+0x71/0x76 [ 406.482858][T12099] [ 406.485167][T12099] Uninit was stored to memory at: [ 406.490169][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.495873][T12099] __msan_chain_origin+0x50/0x90 [ 406.500800][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.505888][T12099] get_compat_msghdr+0x108/0x270 [ 406.510801][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.515289][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.519942][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.525985][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.532124][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.537412][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.542348][T12099] entry_INT80_compat+0x71/0x76 [ 406.547188][T12099] [ 406.549500][T12099] Uninit was stored to memory at: [ 406.554501][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.560196][T12099] __msan_chain_origin+0x50/0x90 [ 406.565109][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.570201][T12099] get_compat_msghdr+0x108/0x270 [ 406.575113][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.579589][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.584241][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.590291][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.596420][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.601681][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.606593][T12099] entry_INT80_compat+0x71/0x76 [ 406.611411][T12099] [ 406.613715][T12099] Uninit was stored to memory at: [ 406.618727][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.624513][T12099] __msan_chain_origin+0x50/0x90 [ 406.629437][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.634541][T12099] get_compat_msghdr+0x108/0x270 [ 406.639455][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.643947][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.648995][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.655055][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.661197][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.666460][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.671381][T12099] entry_INT80_compat+0x71/0x76 [ 406.676242][T12099] [ 406.678559][T12099] Uninit was stored to memory at: [ 406.683607][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 406.689304][T12099] __msan_chain_origin+0x50/0x90 [ 406.694238][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.699326][T12099] get_compat_msghdr+0x108/0x270 [ 406.704242][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.708720][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.713373][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.719415][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 406.725542][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 406.730804][T12099] do_int80_syscall_32+0x1d/0x30 [ 406.735717][T12099] entry_INT80_compat+0x71/0x76 [ 406.740535][T12099] [ 406.742835][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 406.749494][T12099] do_recvmmsg+0xc5/0x1ee0 [ 406.753894][T12099] do_recvmmsg+0xc5/0x1ee0 [ 406.859873][T12099] not chained 970000 origins [ 406.864498][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 406.873163][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.883307][T12099] Call Trace: [ 406.886606][T12099] dump_stack+0x1df/0x240 [ 406.890943][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 406.896683][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.901794][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 406.907348][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 406.913428][T12099] ? _copy_from_user+0x15b/0x260 [ 406.918366][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.923478][T12099] __msan_chain_origin+0x50/0x90 [ 406.928448][T12099] __get_compat_msghdr+0x5be/0x890 [ 406.933577][T12099] get_compat_msghdr+0x108/0x270 [ 406.938526][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 406.943048][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 406.948861][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 406.954407][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 406.959518][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 406.965155][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 406.970444][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 406.975218][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 406.979992][T12099] __sys_recvmmsg+0x4ca/0x510 [ 406.984682][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 406.990414][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 406.996486][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 407.002725][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.008881][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.014177][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.019116][T12099] entry_INT80_compat+0x71/0x76 [ 407.023964][T12099] RIP: 0023:0xf7f87549 [ 407.028017][T12099] Code: Bad RIP value. [ 407.032056][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 407.040444][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 407.048390][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 407.056339][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 407.064331][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 407.072327][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 407.080294][T12099] Uninit was stored to memory at: [ 407.085320][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.091027][T12099] __msan_chain_origin+0x50/0x90 [ 407.095943][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.101038][T12099] get_compat_msghdr+0x108/0x270 [ 407.105953][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.110439][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.115103][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.121162][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.127305][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.132581][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.137503][T12099] entry_INT80_compat+0x71/0x76 [ 407.142325][T12099] [ 407.144626][T12099] Uninit was stored to memory at: [ 407.149629][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.155327][T12099] __msan_chain_origin+0x50/0x90 [ 407.160248][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.165469][T12099] get_compat_msghdr+0x108/0x270 [ 407.170391][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.174879][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.179541][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.185674][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.191809][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.197072][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.201993][T12099] entry_INT80_compat+0x71/0x76 [ 407.206813][T12099] [ 407.209128][T12099] Uninit was stored to memory at: [ 407.214134][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.219831][T12099] __msan_chain_origin+0x50/0x90 [ 407.224747][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.229834][T12099] get_compat_msghdr+0x108/0x270 [ 407.234748][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.239229][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.243889][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.249980][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.256241][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.261506][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.266420][T12099] entry_INT80_compat+0x71/0x76 [ 407.271247][T12099] [ 407.273669][T12099] Uninit was stored to memory at: [ 407.278686][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.284390][T12099] __msan_chain_origin+0x50/0x90 [ 407.289316][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.294406][T12099] get_compat_msghdr+0x108/0x270 [ 407.299320][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.303798][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.308452][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.314493][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.320621][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.325882][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.330795][T12099] entry_INT80_compat+0x71/0x76 [ 407.335612][T12099] [ 407.337916][T12099] Uninit was stored to memory at: [ 407.342928][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.348619][T12099] __msan_chain_origin+0x50/0x90 [ 407.353533][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.358619][T12099] get_compat_msghdr+0x108/0x270 [ 407.363530][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.368007][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.372659][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.378698][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.384825][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.390082][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.394999][T12099] entry_INT80_compat+0x71/0x76 [ 407.399816][T12099] [ 407.402137][T12099] Uninit was stored to memory at: [ 407.407139][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.412829][T12099] __msan_chain_origin+0x50/0x90 [ 407.417741][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.422836][T12099] get_compat_msghdr+0x108/0x270 [ 407.427767][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.432248][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.436902][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.442942][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.449070][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.454331][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.459258][T12099] entry_INT80_compat+0x71/0x76 [ 407.464074][T12099] [ 407.466387][T12099] Uninit was stored to memory at: [ 407.471382][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.477071][T12099] __msan_chain_origin+0x50/0x90 [ 407.481977][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.487061][T12099] get_compat_msghdr+0x108/0x270 [ 407.491970][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.496444][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.501093][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.507133][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.513260][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.518516][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.523437][T12099] entry_INT80_compat+0x71/0x76 [ 407.528253][T12099] [ 407.530553][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 407.537200][T12099] do_recvmmsg+0xc5/0x1ee0 [ 407.541587][T12099] do_recvmmsg+0xc5/0x1ee0 [ 407.648872][T12099] not chained 980000 origins [ 407.653506][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 407.662204][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.672350][T12099] Call Trace: [ 407.675649][T12099] dump_stack+0x1df/0x240 [ 407.679987][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 407.685739][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 407.690854][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 407.696406][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 407.702482][T12099] ? _copy_from_user+0x15b/0x260 [ 407.707422][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 407.712532][T12099] __msan_chain_origin+0x50/0x90 [ 407.717479][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.722607][T12099] get_compat_msghdr+0x108/0x270 [ 407.727553][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.732074][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 407.737889][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 407.743439][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 407.748556][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 407.754188][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 407.759477][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 407.764237][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 407.769000][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.773680][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 407.779397][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.785466][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 407.791703][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.797864][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.803160][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.808109][T12099] entry_INT80_compat+0x71/0x76 [ 407.813091][T12099] RIP: 0023:0xf7f87549 [ 407.817147][T12099] Code: Bad RIP value. [ 407.821196][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 407.829666][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 407.837611][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 407.845599][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 407.853558][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 407.861516][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 407.869469][T12099] Uninit was stored to memory at: [ 407.874475][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.880172][T12099] __msan_chain_origin+0x50/0x90 [ 407.885084][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.890169][T12099] get_compat_msghdr+0x108/0x270 [ 407.895083][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.899560][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.904212][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.910249][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.916375][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.921632][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.926540][T12099] entry_INT80_compat+0x71/0x76 [ 407.931358][T12099] [ 407.933658][T12099] Uninit was stored to memory at: [ 407.938655][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 407.944346][T12099] __msan_chain_origin+0x50/0x90 [ 407.949253][T12099] __get_compat_msghdr+0x5be/0x890 [ 407.954444][T12099] get_compat_msghdr+0x108/0x270 [ 407.959359][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 407.963835][T12099] __sys_recvmmsg+0x4ca/0x510 [ 407.968486][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 407.974527][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 407.980659][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 407.985923][T12099] do_int80_syscall_32+0x1d/0x30 [ 407.990833][T12099] entry_INT80_compat+0x71/0x76 [ 407.995651][T12099] [ 407.997951][T12099] Uninit was stored to memory at: [ 408.002949][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.008644][T12099] __msan_chain_origin+0x50/0x90 [ 408.013557][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.018642][T12099] get_compat_msghdr+0x108/0x270 [ 408.023553][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.028028][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.032678][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.038716][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.044887][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.050700][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.055611][T12099] entry_INT80_compat+0x71/0x76 [ 408.060439][T12099] [ 408.062739][T12099] Uninit was stored to memory at: [ 408.067738][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.073546][T12099] __msan_chain_origin+0x50/0x90 [ 408.078458][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.083544][T12099] get_compat_msghdr+0x108/0x270 [ 408.088453][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.092927][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.097576][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.103614][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.109752][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.115012][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.119925][T12099] entry_INT80_compat+0x71/0x76 [ 408.124741][T12099] [ 408.127044][T12099] Uninit was stored to memory at: [ 408.132042][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.137732][T12099] __msan_chain_origin+0x50/0x90 [ 408.142640][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.147739][T12099] get_compat_msghdr+0x108/0x270 [ 408.153085][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.157568][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.162216][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.168255][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.174400][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.179675][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.184587][T12099] entry_INT80_compat+0x71/0x76 [ 408.189403][T12099] [ 408.191703][T12099] Uninit was stored to memory at: [ 408.196701][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.202389][T12099] __msan_chain_origin+0x50/0x90 [ 408.207300][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.212383][T12099] get_compat_msghdr+0x108/0x270 [ 408.217295][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.221768][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.226430][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.232516][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.238651][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.243917][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.248826][T12099] entry_INT80_compat+0x71/0x76 [ 408.253643][T12099] [ 408.255941][T12099] Uninit was stored to memory at: [ 408.260942][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.266664][T12099] __msan_chain_origin+0x50/0x90 [ 408.271572][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.276655][T12099] get_compat_msghdr+0x108/0x270 [ 408.281565][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.286040][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.290689][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.296725][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.302848][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.308117][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.313035][T12099] entry_INT80_compat+0x71/0x76 [ 408.317857][T12099] [ 408.320162][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 408.326812][T12099] do_recvmmsg+0xc5/0x1ee0 [ 408.331203][T12099] do_recvmmsg+0xc5/0x1ee0 [ 408.432281][T12099] not chained 990000 origins [ 408.436903][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 408.445564][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.455621][T12099] Call Trace: [ 408.458915][T12099] dump_stack+0x1df/0x240 [ 408.463256][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 408.468997][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 408.474107][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 408.479651][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 408.485720][T12099] ? _copy_from_user+0x15b/0x260 [ 408.490656][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 408.495766][T12099] __msan_chain_origin+0x50/0x90 [ 408.500707][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.505830][T12099] get_compat_msghdr+0x108/0x270 [ 408.510781][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.515302][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 408.521112][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 408.526657][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 408.531768][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 408.537401][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 408.542687][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 408.547450][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 408.552219][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.556902][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 408.562628][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.568701][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 408.574942][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.581186][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.586480][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.591443][T12099] entry_INT80_compat+0x71/0x76 [ 408.596282][T12099] RIP: 0023:0xf7f87549 [ 408.600319][T12099] Code: Bad RIP value. [ 408.604362][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 408.612745][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 408.620692][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 408.628637][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 408.636583][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 408.644534][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 408.652490][T12099] Uninit was stored to memory at: [ 408.657492][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.663181][T12099] __msan_chain_origin+0x50/0x90 [ 408.668090][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.673174][T12099] get_compat_msghdr+0x108/0x270 [ 408.678083][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.682648][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.687309][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.693359][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.699499][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.704767][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.709700][T12099] entry_INT80_compat+0x71/0x76 [ 408.714520][T12099] [ 408.716819][T12099] Uninit was stored to memory at: [ 408.721817][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.727508][T12099] __msan_chain_origin+0x50/0x90 [ 408.732421][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.737507][T12099] get_compat_msghdr+0x108/0x270 [ 408.742416][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.746892][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.751540][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.757578][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.763705][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.768962][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.773871][T12099] entry_INT80_compat+0x71/0x76 [ 408.778689][T12099] [ 408.780996][T12099] Uninit was stored to memory at: [ 408.786016][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.791705][T12099] __msan_chain_origin+0x50/0x90 [ 408.796703][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.801787][T12099] get_compat_msghdr+0x108/0x270 [ 408.806697][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.811171][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.815819][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.821858][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.827992][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.833248][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.838179][T12099] entry_INT80_compat+0x71/0x76 [ 408.843000][T12099] [ 408.845304][T12099] Uninit was stored to memory at: [ 408.850305][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.855998][T12099] __msan_chain_origin+0x50/0x90 [ 408.860912][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.865996][T12099] get_compat_msghdr+0x108/0x270 [ 408.870907][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.875384][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.880034][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.886074][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.892198][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.897455][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.902362][T12099] entry_INT80_compat+0x71/0x76 [ 408.907220][T12099] [ 408.909522][T12099] Uninit was stored to memory at: [ 408.914521][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.920313][T12099] __msan_chain_origin+0x50/0x90 [ 408.925226][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.930307][T12099] get_compat_msghdr+0x108/0x270 [ 408.935214][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 408.939690][T12099] __sys_recvmmsg+0x4ca/0x510 [ 408.944338][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 408.950373][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 408.956498][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 408.961756][T12099] do_int80_syscall_32+0x1d/0x30 [ 408.966664][T12099] entry_INT80_compat+0x71/0x76 [ 408.971479][T12099] [ 408.973777][T12099] Uninit was stored to memory at: [ 408.978774][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 408.984463][T12099] __msan_chain_origin+0x50/0x90 [ 408.989381][T12099] __get_compat_msghdr+0x5be/0x890 [ 408.994466][T12099] get_compat_msghdr+0x108/0x270 [ 408.999377][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.003857][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.008518][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.014570][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.020694][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.025952][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.030864][T12099] entry_INT80_compat+0x71/0x76 [ 409.035683][T12099] [ 409.037984][T12099] Uninit was stored to memory at: [ 409.042985][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.048680][T12099] __msan_chain_origin+0x50/0x90 [ 409.053595][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.058686][T12099] get_compat_msghdr+0x108/0x270 [ 409.063620][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.068114][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.072775][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.078818][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.084949][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.090219][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.095141][T12099] entry_INT80_compat+0x71/0x76 [ 409.099964][T12099] [ 409.102270][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 409.108922][T12099] do_recvmmsg+0xc5/0x1ee0 [ 409.113324][T12099] do_recvmmsg+0xc5/0x1ee0 [ 409.216152][T12099] not chained 1000000 origins [ 409.220870][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 409.229530][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.239581][T12099] Call Trace: [ 409.242880][T12099] dump_stack+0x1df/0x240 [ 409.247222][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 409.252968][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 409.258079][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 409.263629][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 409.269703][T12099] ? _copy_from_user+0x15b/0x260 [ 409.274643][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 409.279757][T12099] __msan_chain_origin+0x50/0x90 [ 409.284709][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.289840][T12099] get_compat_msghdr+0x108/0x270 [ 409.294792][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.299344][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 409.305163][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 409.310710][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 409.315825][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 409.321461][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 409.326757][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 409.331523][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 409.336297][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.340987][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 409.346711][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.352786][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 409.359032][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.365197][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.370494][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.375435][T12099] entry_INT80_compat+0x71/0x76 [ 409.380286][T12099] RIP: 0023:0xf7f87549 [ 409.384342][T12099] Code: Bad RIP value. [ 409.388406][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 409.396817][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 409.404785][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 409.412753][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 409.420720][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 409.428680][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 409.436636][T12099] Uninit was stored to memory at: [ 409.441643][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.447339][T12099] __msan_chain_origin+0x50/0x90 [ 409.452253][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.457351][T12099] get_compat_msghdr+0x108/0x270 [ 409.462275][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.466755][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.471415][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.477457][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.483599][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.488882][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.493815][T12099] entry_INT80_compat+0x71/0x76 [ 409.498644][T12099] [ 409.500948][T12099] Uninit was stored to memory at: [ 409.505958][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.511665][T12099] __msan_chain_origin+0x50/0x90 [ 409.516584][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.521685][T12099] get_compat_msghdr+0x108/0x270 [ 409.526624][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.531125][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.535784][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.541833][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.547963][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.553228][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.558152][T12099] entry_INT80_compat+0x71/0x76 [ 409.562971][T12099] [ 409.565274][T12099] Uninit was stored to memory at: [ 409.570276][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.575973][T12099] __msan_chain_origin+0x50/0x90 [ 409.580888][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.585976][T12099] get_compat_msghdr+0x108/0x270 [ 409.590893][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.595383][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.600046][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.606099][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.612242][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.617506][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.622417][T12099] entry_INT80_compat+0x71/0x76 [ 409.627241][T12099] [ 409.629543][T12099] Uninit was stored to memory at: [ 409.634543][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.640235][T12099] __msan_chain_origin+0x50/0x90 [ 409.645155][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.650242][T12099] get_compat_msghdr+0x108/0x270 [ 409.655157][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.659633][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.664287][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.670352][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.676488][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.681751][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.686664][T12099] entry_INT80_compat+0x71/0x76 [ 409.691486][T12099] [ 409.693787][T12099] Uninit was stored to memory at: [ 409.698789][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.704483][T12099] __msan_chain_origin+0x50/0x90 [ 409.709400][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.714488][T12099] get_compat_msghdr+0x108/0x270 [ 409.719402][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.723880][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.728543][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.734595][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.740723][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.745985][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.750897][T12099] entry_INT80_compat+0x71/0x76 [ 409.755714][T12099] [ 409.758161][T12099] Uninit was stored to memory at: [ 409.763181][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.768889][T12099] __msan_chain_origin+0x50/0x90 [ 409.773805][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.778896][T12099] get_compat_msghdr+0x108/0x270 [ 409.783811][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.788293][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.792948][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.798991][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.805122][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.810392][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.815305][T12099] entry_INT80_compat+0x71/0x76 [ 409.820124][T12099] [ 409.822435][T12099] Uninit was stored to memory at: [ 409.827435][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 409.833141][T12099] __msan_chain_origin+0x50/0x90 [ 409.838069][T12099] __get_compat_msghdr+0x5be/0x890 [ 409.843233][T12099] get_compat_msghdr+0x108/0x270 [ 409.848224][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 409.852714][T12099] __sys_recvmmsg+0x4ca/0x510 [ 409.857378][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 409.863424][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 409.869553][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 409.874826][T12099] do_int80_syscall_32+0x1d/0x30 [ 409.879747][T12099] entry_INT80_compat+0x71/0x76 [ 409.884572][T12099] [ 409.886874][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 409.893523][T12099] do_recvmmsg+0xc5/0x1ee0 [ 409.897918][T12099] do_recvmmsg+0xc5/0x1ee0 [ 410.002145][T12099] not chained 1010000 origins [ 410.006855][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 410.015521][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.025574][T12099] Call Trace: [ 410.028873][T12099] dump_stack+0x1df/0x240 [ 410.033209][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 410.038958][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.044075][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 410.049628][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 410.055702][T12099] ? _copy_from_user+0x15b/0x260 [ 410.060642][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.065762][T12099] __msan_chain_origin+0x50/0x90 [ 410.070707][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.075836][T12099] get_compat_msghdr+0x108/0x270 [ 410.080797][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.085319][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.091132][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 410.096675][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.101791][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 410.107425][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 410.112714][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 410.117481][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 410.122257][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.126943][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 410.132666][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.138740][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 410.144984][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.151145][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.156425][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.161345][T12099] entry_INT80_compat+0x71/0x76 [ 410.166180][T12099] RIP: 0023:0xf7f87549 [ 410.170220][T12099] Code: Bad RIP value. [ 410.174262][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 410.182647][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 410.190596][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 410.198554][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 410.206500][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 410.214454][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 410.222416][T12099] Uninit was stored to memory at: [ 410.227422][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.233115][T12099] __msan_chain_origin+0x50/0x90 [ 410.238035][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.243164][T12099] get_compat_msghdr+0x108/0x270 [ 410.248088][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.252565][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.257230][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.263285][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.269413][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.274673][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.279585][T12099] entry_INT80_compat+0x71/0x76 [ 410.284404][T12099] [ 410.286702][T12099] Uninit was stored to memory at: [ 410.291703][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.297398][T12099] __msan_chain_origin+0x50/0x90 [ 410.302311][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.307398][T12099] get_compat_msghdr+0x108/0x270 [ 410.312311][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.316788][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.321444][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.327487][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.333614][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.338877][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.343788][T12099] entry_INT80_compat+0x71/0x76 [ 410.348606][T12099] [ 410.350914][T12099] Uninit was stored to memory at: [ 410.355934][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.361638][T12099] __msan_chain_origin+0x50/0x90 [ 410.366554][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.371651][T12099] get_compat_msghdr+0x108/0x270 [ 410.376587][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.381086][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.385747][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.391800][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.397941][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.403208][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.408122][T12099] entry_INT80_compat+0x71/0x76 [ 410.412945][T12099] [ 410.415255][T12099] Uninit was stored to memory at: [ 410.420257][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.425950][T12099] __msan_chain_origin+0x50/0x90 [ 410.430863][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.435949][T12099] get_compat_msghdr+0x108/0x270 [ 410.440863][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.445340][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.449997][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.456047][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.462175][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.467434][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.472347][T12099] entry_INT80_compat+0x71/0x76 [ 410.477167][T12099] [ 410.479468][T12099] Uninit was stored to memory at: [ 410.484467][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.490160][T12099] __msan_chain_origin+0x50/0x90 [ 410.495072][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.500171][T12099] get_compat_msghdr+0x108/0x270 [ 410.505087][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.509577][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.514233][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.520279][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.526419][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.531703][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.536645][T12099] entry_INT80_compat+0x71/0x76 [ 410.541472][T12099] [ 410.543776][T12099] Uninit was stored to memory at: [ 410.548777][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.554471][T12099] __msan_chain_origin+0x50/0x90 [ 410.559386][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.564475][T12099] get_compat_msghdr+0x108/0x270 [ 410.569407][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.573893][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.578563][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.584617][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.590746][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.596009][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.600919][T12099] entry_INT80_compat+0x71/0x76 [ 410.605737][T12099] [ 410.608038][T12099] Uninit was stored to memory at: [ 410.613037][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 410.618733][T12099] __msan_chain_origin+0x50/0x90 [ 410.623655][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.628791][T12099] get_compat_msghdr+0x108/0x270 [ 410.633705][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.638179][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.642828][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.649254][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.655384][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.660643][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.665551][T12099] entry_INT80_compat+0x71/0x76 [ 410.670365][T12099] [ 410.672673][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 410.679327][T12099] do_recvmmsg+0xc5/0x1ee0 [ 410.683715][T12099] do_recvmmsg+0xc5/0x1ee0 [ 410.789723][T12099] not chained 1020000 origins [ 410.794438][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 410.803122][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.813171][T12099] Call Trace: [ 410.816466][T12099] dump_stack+0x1df/0x240 [ 410.820803][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 410.826545][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.831660][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 410.837214][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 410.843288][T12099] ? _copy_from_user+0x15b/0x260 [ 410.848225][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.853334][T12099] __msan_chain_origin+0x50/0x90 [ 410.858277][T12099] __get_compat_msghdr+0x5be/0x890 [ 410.863405][T12099] get_compat_msghdr+0x108/0x270 [ 410.868359][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 410.872880][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 410.878690][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 410.884236][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 410.889353][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 410.894992][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 410.900280][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 410.905046][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 410.909816][T12099] __sys_recvmmsg+0x4ca/0x510 [ 410.914503][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 410.920223][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 410.926295][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 410.932533][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 410.938687][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 410.943977][T12099] do_int80_syscall_32+0x1d/0x30 [ 410.948936][T12099] entry_INT80_compat+0x71/0x76 [ 410.953773][T12099] RIP: 0023:0xf7f87549 [ 410.957942][T12099] Code: Bad RIP value. [ 410.961978][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 410.970381][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 410.978327][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 410.986272][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 410.994222][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 411.002168][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 411.010127][T12099] Uninit was stored to memory at: [ 411.015142][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.020837][T12099] __msan_chain_origin+0x50/0x90 [ 411.025753][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.030841][T12099] get_compat_msghdr+0x108/0x270 [ 411.035800][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.040277][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.045066][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.051120][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.057248][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.062510][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.067421][T12099] entry_INT80_compat+0x71/0x76 [ 411.072238][T12099] [ 411.074538][T12099] Uninit was stored to memory at: [ 411.079542][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.085235][T12099] __msan_chain_origin+0x50/0x90 [ 411.090154][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.095241][T12099] get_compat_msghdr+0x108/0x270 [ 411.100155][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.104638][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.109303][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.115357][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.121487][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.126750][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.131668][T12099] entry_INT80_compat+0x71/0x76 [ 411.136490][T12099] [ 411.138801][T12099] Uninit was stored to memory at: [ 411.143806][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.149499][T12099] __msan_chain_origin+0x50/0x90 [ 411.154415][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.159498][T12099] get_compat_msghdr+0x108/0x270 [ 411.164412][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.168890][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.173553][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.179593][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.185725][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.190985][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.195896][T12099] entry_INT80_compat+0x71/0x76 [ 411.200719][T12099] [ 411.203025][T12099] Uninit was stored to memory at: [ 411.208034][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.213726][T12099] __msan_chain_origin+0x50/0x90 [ 411.218639][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.223729][T12099] get_compat_msghdr+0x108/0x270 [ 411.228642][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.233126][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.237774][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.243816][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.249948][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.255210][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.260124][T12099] entry_INT80_compat+0x71/0x76 [ 411.264940][T12099] [ 411.267240][T12099] Uninit was stored to memory at: [ 411.272249][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.277953][T12099] __msan_chain_origin+0x50/0x90 [ 411.282869][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.287957][T12099] get_compat_msghdr+0x108/0x270 [ 411.292868][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.297345][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.301996][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.308037][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.314164][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.319423][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.324338][T12099] entry_INT80_compat+0x71/0x76 [ 411.329154][T12099] [ 411.331455][T12099] Uninit was stored to memory at: [ 411.336470][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.342185][T12099] __msan_chain_origin+0x50/0x90 [ 411.347120][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.352227][T12099] get_compat_msghdr+0x108/0x270 [ 411.357150][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.361629][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.366284][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.372323][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.378453][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.383714][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.388706][T12099] entry_INT80_compat+0x71/0x76 [ 411.393532][T12099] [ 411.395833][T12099] Uninit was stored to memory at: [ 411.400832][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.406526][T12099] __msan_chain_origin+0x50/0x90 [ 411.411443][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.416531][T12099] get_compat_msghdr+0x108/0x270 [ 411.421445][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.425925][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.430582][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.436634][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.442761][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.448023][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.452938][T12099] entry_INT80_compat+0x71/0x76 [ 411.457763][T12099] [ 411.460064][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 411.466714][T12099] do_recvmmsg+0xc5/0x1ee0 [ 411.471104][T12099] do_recvmmsg+0xc5/0x1ee0 [ 411.573268][T12099] not chained 1030000 origins [ 411.577981][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 411.586667][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.596718][T12099] Call Trace: [ 411.600014][T12099] dump_stack+0x1df/0x240 [ 411.604356][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 411.610088][T12099] ? kmsan_get_metadata+0x11d/0x180 [ 411.615300][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 411.620450][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 411.626001][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 411.632076][T12099] ? _copy_from_user+0x15b/0x260 [ 411.637016][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 411.642133][T12099] __msan_chain_origin+0x50/0x90 [ 411.647085][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.652223][T12099] get_compat_msghdr+0x108/0x270 [ 411.657181][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.661706][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 411.667534][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 411.673087][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 411.678203][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 411.683836][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 411.689130][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 411.693898][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 411.698667][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.703357][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 411.709080][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.715159][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 411.721400][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.727560][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.732862][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.737799][T12099] entry_INT80_compat+0x71/0x76 [ 411.742644][T12099] RIP: 0023:0xf7f87549 [ 411.746702][T12099] Code: Bad RIP value. [ 411.750761][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 411.759170][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 411.767134][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 411.775082][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 411.783038][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 411.790993][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 411.798958][T12099] Uninit was stored to memory at: [ 411.804055][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.809753][T12099] __msan_chain_origin+0x50/0x90 [ 411.814671][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.819821][T12099] get_compat_msghdr+0x108/0x270 [ 411.824738][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.829216][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.833869][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.839915][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.846057][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.851321][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.856240][T12099] entry_INT80_compat+0x71/0x76 [ 411.861061][T12099] [ 411.863364][T12099] Uninit was stored to memory at: [ 411.868369][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.874069][T12099] __msan_chain_origin+0x50/0x90 [ 411.878983][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.884071][T12099] get_compat_msghdr+0x108/0x270 [ 411.888998][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.893499][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.898175][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.904218][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.910353][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.915627][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.920546][T12099] entry_INT80_compat+0x71/0x76 [ 411.925364][T12099] [ 411.927664][T12099] Uninit was stored to memory at: [ 411.932667][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 411.938364][T12099] __msan_chain_origin+0x50/0x90 [ 411.943278][T12099] __get_compat_msghdr+0x5be/0x890 [ 411.948380][T12099] get_compat_msghdr+0x108/0x270 [ 411.953296][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 411.957775][T12099] __sys_recvmmsg+0x4ca/0x510 [ 411.962428][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 411.968468][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 411.974595][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 411.979858][T12099] do_int80_syscall_32+0x1d/0x30 [ 411.984773][T12099] entry_INT80_compat+0x71/0x76 [ 411.989593][T12099] [ 411.991894][T12099] Uninit was stored to memory at: [ 411.996893][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.002595][T12099] __msan_chain_origin+0x50/0x90 [ 412.007510][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.012596][T12099] get_compat_msghdr+0x108/0x270 [ 412.017513][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.021992][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.026660][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.032711][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.038842][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.044102][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.049014][T12099] entry_INT80_compat+0x71/0x76 [ 412.053835][T12099] [ 412.056136][T12099] Uninit was stored to memory at: [ 412.061139][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.066832][T12099] __msan_chain_origin+0x50/0x90 [ 412.071748][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.076834][T12099] get_compat_msghdr+0x108/0x270 [ 412.081744][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.086220][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.090874][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.096917][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.103058][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.108367][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.113287][T12099] entry_INT80_compat+0x71/0x76 [ 412.118119][T12099] [ 412.120463][T12099] Uninit was stored to memory at: [ 412.125467][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.131187][T12099] __msan_chain_origin+0x50/0x90 [ 412.136101][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.141197][T12099] get_compat_msghdr+0x108/0x270 [ 412.146110][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.150584][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.155237][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.161278][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.167429][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.172693][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.177607][T12099] entry_INT80_compat+0x71/0x76 [ 412.182425][T12099] [ 412.184726][T12099] Uninit was stored to memory at: [ 412.189917][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.195622][T12099] __msan_chain_origin+0x50/0x90 [ 412.200561][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.205661][T12099] get_compat_msghdr+0x108/0x270 [ 412.210576][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.215052][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.219705][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.225746][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.231875][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.237141][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.242068][T12099] entry_INT80_compat+0x71/0x76 [ 412.246898][T12099] [ 412.249200][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 412.255850][T12099] do_recvmmsg+0xc5/0x1ee0 [ 412.260240][T12099] do_recvmmsg+0xc5/0x1ee0 [ 412.362411][T12099] not chained 1040000 origins [ 412.367129][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 412.375796][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.385848][T12099] Call Trace: [ 412.389162][T12099] dump_stack+0x1df/0x240 [ 412.393500][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 412.399242][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 412.404356][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 412.409908][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 412.415981][T12099] ? _copy_from_user+0x15b/0x260 [ 412.420926][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 412.426041][T12099] __msan_chain_origin+0x50/0x90 [ 412.430984][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.436114][T12099] get_compat_msghdr+0x108/0x270 [ 412.441094][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.445617][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 412.451431][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 412.456974][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 412.462086][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 412.467729][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 412.473017][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 412.477779][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 412.482551][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.487236][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 412.492959][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.499036][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 412.505277][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.511432][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.516734][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.521676][T12099] entry_INT80_compat+0x71/0x76 [ 412.526535][T12099] RIP: 0023:0xf7f87549 [ 412.530597][T12099] Code: Bad RIP value. [ 412.534656][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 412.543069][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 412.551057][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 412.559018][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.566968][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 412.574919][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.582899][T12099] Uninit was stored to memory at: [ 412.587905][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.593602][T12099] __msan_chain_origin+0x50/0x90 [ 412.598525][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.603616][T12099] get_compat_msghdr+0x108/0x270 [ 412.608529][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.613014][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.617677][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.623725][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.629879][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.635152][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.640078][T12099] entry_INT80_compat+0x71/0x76 [ 412.644914][T12099] [ 412.647217][T12099] Uninit was stored to memory at: [ 412.652219][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.657917][T12099] __msan_chain_origin+0x50/0x90 [ 412.662835][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.667935][T12099] get_compat_msghdr+0x108/0x270 [ 412.672984][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.677466][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.682136][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.688197][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.694327][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.699587][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.704500][T12099] entry_INT80_compat+0x71/0x76 [ 412.709316][T12099] [ 412.711618][T12099] Uninit was stored to memory at: [ 412.716621][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.722316][T12099] __msan_chain_origin+0x50/0x90 [ 412.727232][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.732321][T12099] get_compat_msghdr+0x108/0x270 [ 412.737238][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.741712][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.746366][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.752408][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.758536][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.763800][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.768721][T12099] entry_INT80_compat+0x71/0x76 [ 412.773551][T12099] [ 412.775853][T12099] Uninit was stored to memory at: [ 412.780855][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.786548][T12099] __msan_chain_origin+0x50/0x90 [ 412.791474][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.796580][T12099] get_compat_msghdr+0x108/0x270 [ 412.801513][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.806015][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.810680][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.816734][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.822863][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.828127][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.833045][T12099] entry_INT80_compat+0x71/0x76 [ 412.837871][T12099] [ 412.840194][T12099] Uninit was stored to memory at: [ 412.845241][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.850942][T12099] __msan_chain_origin+0x50/0x90 [ 412.855868][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.860960][T12099] get_compat_msghdr+0x108/0x270 [ 412.865874][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.870353][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.875004][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.881048][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.887180][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.892444][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.897354][T12099] entry_INT80_compat+0x71/0x76 [ 412.902177][T12099] [ 412.904475][T12099] Uninit was stored to memory at: [ 412.909475][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.915164][T12099] __msan_chain_origin+0x50/0x90 [ 412.920081][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.925168][T12099] get_compat_msghdr+0x108/0x270 [ 412.930089][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.934566][T12099] __sys_recvmmsg+0x4ca/0x510 [ 412.939219][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 412.945262][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 412.951394][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 412.956662][T12099] do_int80_syscall_32+0x1d/0x30 [ 412.961578][T12099] entry_INT80_compat+0x71/0x76 [ 412.966396][T12099] [ 412.968699][T12099] Uninit was stored to memory at: [ 412.973703][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 412.979409][T12099] __msan_chain_origin+0x50/0x90 [ 412.984337][T12099] __get_compat_msghdr+0x5be/0x890 [ 412.989425][T12099] get_compat_msghdr+0x108/0x270 [ 412.994341][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 412.998820][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.003474][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.009515][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.015647][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.020907][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.025818][T12099] entry_INT80_compat+0x71/0x76 [ 413.030636][T12099] [ 413.032939][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 413.039590][T12099] do_recvmmsg+0xc5/0x1ee0 [ 413.043991][T12099] do_recvmmsg+0xc5/0x1ee0 [ 413.151153][T12099] not chained 1050000 origins [ 413.155871][T12099] CPU: 1 PID: 12099 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 413.164536][T12099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.174588][T12099] Call Trace: [ 413.177884][T12099] dump_stack+0x1df/0x240 [ 413.182228][T12099] kmsan_internal_chain_origin+0x6f/0x130 [ 413.187980][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 413.193095][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 413.198644][T12099] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 413.204720][T12099] ? _copy_from_user+0x15b/0x260 [ 413.209664][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 413.214786][T12099] __msan_chain_origin+0x50/0x90 [ 413.219731][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.224861][T12099] get_compat_msghdr+0x108/0x270 [ 413.229810][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.234347][T12099] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 413.240167][T12099] ? kmsan_set_origin_checked+0x95/0xf0 [ 413.245718][T12099] ? kmsan_get_metadata+0x4f/0x180 [ 413.250833][T12099] ? kmsan_internal_set_origin+0x75/0xb0 [ 413.256472][T12099] ? __msan_poison_alloca+0xf0/0x120 [ 413.261768][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 413.266534][T12099] ? __sys_recvmmsg+0xb4/0x510 [ 413.271310][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.275996][T12099] ? __syscall_return_slowpath+0x89/0x5b0 [ 413.281719][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.287795][T12099] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 413.294038][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.300199][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.305503][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.310447][T12099] entry_INT80_compat+0x71/0x76 [ 413.315307][T12099] RIP: 0023:0xf7f87549 [ 413.319364][T12099] Code: Bad RIP value. [ 413.323422][T12099] RSP: 002b:00000000f5d820cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 413.331834][T12099] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002bc0 [ 413.339795][T12099] RDX: 00000000040000fd RSI: 0000000000000000 RDI: 0000000000000000 [ 413.347746][T12099] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.355715][T12099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 413.363664][T12099] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.371627][T12099] Uninit was stored to memory at: [ 413.376641][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.382337][T12099] __msan_chain_origin+0x50/0x90 [ 413.387252][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.392374][T12099] get_compat_msghdr+0x108/0x270 [ 413.397287][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.401767][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.406418][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.412462][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.418628][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.424000][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.428913][T12099] entry_INT80_compat+0x71/0x76 [ 413.433742][T12099] [ 413.436045][T12099] Uninit was stored to memory at: [ 413.441047][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.446856][T12099] __msan_chain_origin+0x50/0x90 [ 413.451830][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.456933][T12099] get_compat_msghdr+0x108/0x270 [ 413.461851][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.466377][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.471116][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.477259][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.483389][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.488653][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.493574][T12099] entry_INT80_compat+0x71/0x76 [ 413.498411][T12099] [ 413.500721][T12099] Uninit was stored to memory at: [ 413.505736][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.511644][T12099] __msan_chain_origin+0x50/0x90 [ 413.516561][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.521653][T12099] get_compat_msghdr+0x108/0x270 [ 413.526571][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.531053][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.535715][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.541756][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.547886][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.553149][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.558112][T12099] entry_INT80_compat+0x71/0x76 [ 413.562930][T12099] [ 413.565233][T12099] Uninit was stored to memory at: [ 413.570232][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.575922][T12099] __msan_chain_origin+0x50/0x90 [ 413.580928][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.586015][T12099] get_compat_msghdr+0x108/0x270 [ 413.590927][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.595405][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.600057][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.606101][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.612235][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.617495][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.622465][T12099] entry_INT80_compat+0x71/0x76 [ 413.627284][T12099] [ 413.629585][T12099] Uninit was stored to memory at: [ 413.634593][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.640298][T12099] __msan_chain_origin+0x50/0x90 [ 413.645218][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.650309][T12099] get_compat_msghdr+0x108/0x270 [ 413.655226][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.659707][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.664363][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.670419][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.676564][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.681946][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.686871][T12099] entry_INT80_compat+0x71/0x76 [ 413.691704][T12099] [ 413.694094][T12099] Uninit was stored to memory at: [ 413.699099][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.704805][T12099] __msan_chain_origin+0x50/0x90 [ 413.709726][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.714819][T12099] get_compat_msghdr+0x108/0x270 [ 413.719733][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.724214][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.728872][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.734914][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.741041][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.746304][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.751264][T12099] entry_INT80_compat+0x71/0x76 [ 413.756086][T12099] [ 413.758388][T12099] Uninit was stored to memory at: [ 413.763391][T12099] kmsan_internal_chain_origin+0xad/0x130 [ 413.769088][T12099] __msan_chain_origin+0x50/0x90 [ 413.774007][T12099] __get_compat_msghdr+0x5be/0x890 [ 413.779105][T12099] get_compat_msghdr+0x108/0x270 [ 413.784023][T12099] do_recvmmsg+0xa6a/0x1ee0 [ 413.788502][T12099] __sys_recvmmsg+0x4ca/0x510 [ 413.793154][T12099] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 413.799202][T12099] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 413.805333][T12099] do_syscall_32_irqs_on+0x1a3/0x290 [ 413.810643][T12099] do_int80_syscall_32+0x1d/0x30 [ 413.815554][T12099] entry_INT80_compat+0x71/0x76 [ 413.820377][T12099] [ 413.822692][T12099] Local variable ----msg_sys@do_recvmmsg created at: [ 413.829346][T12099] do_recvmmsg+0xc5/0x1ee0 [ 413.833755][T12099] do_recvmmsg+0xc5/0x1ee0 01:50:53 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000c000000180001801400020076657468305f746f5f7465616d00000024000380200003800c000180"], 0x50}}, 0x0) 01:50:53 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:53 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:50:53 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:53 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7f", 0x100, 0x7}]) 01:50:53 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x19404, 0x0) [ 414.113233][ T33] audit: type=1804 audit(1595296253.682:424): pid=12168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/95/bus" dev="sda1" ino=16065 res=1 [ 414.170442][T12170] loop1: p1 p2 p3 p4 [ 414.174818][T12170] loop1: partition table partially beyond EOD, truncated [ 414.182402][T12170] loop1: p1 size 11290111 extends beyond EOD, truncated [ 414.235373][T12167] loop3: p1 p2 p3 p4 [ 414.235373][T12167] p4: [ 414.243591][T12167] loop3: partition table partially beyond EOD, truncated [ 414.251193][T12167] loop3: p1 start 10 is beyond EOD, truncated [ 414.257832][T12167] loop3: p2 start 25 is beyond EOD, truncated [ 414.264034][T12167] loop3: p3 start 4293001441 is beyond EOD, truncated [ 414.270860][T12167] loop3: p4 size 3657465856 extends beyond EOD, truncated 01:50:53 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x10, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) [ 414.374857][T12170] loop1: p2 size 100663296 extends beyond EOD, truncated [ 414.387126][T12167] loop3: p5 start 10 is beyond EOD, truncated [ 414.393551][T12167] loop3: p6 size 3657465856 extends beyond EOD, truncated [ 414.405511][T12170] loop1: p3 start 4293001441 is beyond EOD, truncated [ 414.412760][T12170] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 414.417120][ T33] audit: type=1804 audit(1595296253.782:425): pid=12174 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/95/bus" dev="sda1" ino=16065 res=1 [ 414.426224][T12178] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 414.444667][ T33] audit: type=1804 audit(1595296253.792:426): pid=12168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/95/bus" dev="sda1" ino=16065 res=1 [ 414.477838][ T33] audit: type=1804 audit(1595296253.792:427): pid=12168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/95/bus" dev="sda1" ino=16065 res=1 [ 414.502643][ T33] audit: type=1804 audit(1595296253.792:428): pid=12168 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/95/bus" dev="sda1" ino=16065 res=1 01:50:54 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 414.735505][T12187] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 01:50:54 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7f", 0x100, 0x7}]) 01:50:54 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}]) 01:50:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001600)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803}}], 0x500, 0x0, 0x0) sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, 0x0, 0x0) 01:50:54 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x19404, 0x0) [ 415.183869][ T33] audit: type=1804 audit(1595296254.603:429): pid=12199 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/96/bus" dev="sda1" ino=16002 res=1 [ 415.209637][ T33] audit: type=1804 audit(1595296254.643:430): pid=12199 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/96/bus" dev="sda1" ino=16002 res=1 [ 415.233941][ T33] audit: type=1804 audit(1595296254.643:431): pid=12199 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/96/bus" dev="sda1" ino=16002 res=1 [ 415.258288][ T33] audit: type=1804 audit(1595296254.643:432): pid=12199 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/96/bus" dev="sda1" ino=16002 res=1 [ 415.283074][ T33] audit: type=1804 audit(1595296254.643:433): pid=12199 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/96/bus" dev="sda1" ino=16002 res=1 [ 415.319652][T12202] loop1: p1 p2 p3 p4 [ 415.323886][T12202] loop1: partition table partially beyond EOD, truncated [ 415.331485][T12202] loop1: p1 size 11290111 extends beyond EOD, truncated 01:50:54 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x10, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:55 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 415.430942][T12202] loop1: p2 size 100663296 extends beyond EOD, truncated [ 415.507058][T12202] loop1: p3 start 4293001441 is beyond EOD, truncated [ 415.514321][T12202] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 415.580820][T12214] loop3: p1 p2 p3 p4 [ 415.580820][T12214] p4: [ 415.589640][T12214] loop3: partition table partially beyond EOD, truncated [ 415.597354][T12214] loop3: p1 start 10 is beyond EOD, truncated [ 415.603617][T12214] loop3: p2 start 25 is beyond EOD, truncated [ 415.609748][T12214] loop3: p3 start 4293001441 is beyond EOD, truncated [ 415.616782][T12214] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 415.628002][T12214] loop3: p5 start 10 is beyond EOD, truncated [ 415.634380][T12214] loop3: p6 size 3657465856 extends beyond EOD, truncated 01:50:55 executing program 5: 01:50:55 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, 0x0) 01:50:55 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x10, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:55 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7f", 0x100, 0x7}]) 01:50:55 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:55 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) [ 416.362705][T12239] loop3: unable to read partition table [ 416.368712][T12239] loop3: partition table beyond EOD, truncated [ 416.375064][T12239] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:56 executing program 5: [ 416.550741][T12249] loop1: p1 p2 p3 p4 [ 416.555184][T12249] loop1: partition table partially beyond EOD, truncated [ 416.562968][T12249] loop1: p1 size 11290111 extends beyond EOD, truncated [ 416.574021][ T4883] loop3: unable to read partition table [ 416.580134][ T4883] loop3: partition table beyond EOD, truncated 01:50:56 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, 0xffffffffffffffff, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) [ 416.617760][T12249] loop1: p2 size 100663296 extends beyond EOD, truncated [ 416.720850][T12249] loop1: p3 start 4293001441 is beyond EOD, truncated [ 416.727877][T12249] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:50:56 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, 0x0) 01:50:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) 01:50:56 executing program 5: 01:50:56 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, 0xffffffffffffffff, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:56 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:56 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3", 0x180, 0x7}]) [ 417.202853][T12272] loop3: unable to read partition table [ 417.208814][T12272] loop3: partition table beyond EOD, truncated [ 417.215198][T12272] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:56 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) 01:50:57 executing program 5: 01:50:57 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, 0x0) 01:50:57 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, 0xffffffffffffffff, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:57 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 417.641387][T12285] loop1: p1 p2 p3 p4 [ 417.645738][T12285] loop1: partition table partially beyond EOD, truncated [ 417.653752][T12285] loop1: p1 size 11290111 extends beyond EOD, truncated [ 417.735433][T12285] loop1: p2 size 100663296 extends beyond EOD, truncated [ 417.748043][T12285] loop1: p3 start 4293001441 is beyond EOD, truncated [ 417.755260][T12285] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 417.791189][T12293] loop3: unable to read partition table [ 417.797313][T12293] loop3: partition table beyond EOD, truncated [ 417.803785][T12293] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:57 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) 01:50:57 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3", 0x180, 0x7}]) 01:50:57 executing program 5: 01:50:57 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, &(0x7f0000000140)) 01:50:57 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:57 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 418.391537][T12314] loop1: p1 p2 p3 p4 [ 418.395776][T12314] loop1: partition table partially beyond EOD, truncated [ 418.403570][T12314] loop1: p1 size 11290111 extends beyond EOD, truncated [ 418.466987][T12314] loop1: p2 size 100663296 extends beyond EOD, truncated [ 418.476335][T12314] loop1: p3 start 4293001441 is beyond EOD, truncated [ 418.483670][T12314] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:50:58 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) 01:50:58 executing program 5: 01:50:58 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) [ 418.642973][T12324] loop3: unable to read partition table [ 418.648899][T12324] loop3: partition table beyond EOD, truncated [ 418.655419][T12324] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:58 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3", 0x180, 0x7}]) 01:50:58 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:58 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, &(0x7f0000000140)) 01:50:58 executing program 5: 01:50:58 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 01:50:58 executing program 4: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x19404, 0x0) [ 419.105266][T12341] loop1: p1 p2 p3 p4 [ 419.109507][T12341] loop1: partition table partially beyond EOD, truncated [ 419.117749][T12341] loop1: p1 size 11290111 extends beyond EOD, truncated [ 419.158168][ T33] kauditd_printk_skb: 25 callbacks suppressed [ 419.158229][ T33] audit: type=1804 audit(1595296258.733:459): pid=12344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/102/bus" dev="sda1" ino=15762 res=1 [ 419.257097][T12341] loop1: p2 size 100663296 extends beyond EOD, truncated [ 419.291755][T12347] loop3: unable to read partition table [ 419.297721][T12347] loop3: partition table beyond EOD, truncated [ 419.304590][T12347] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:58 executing program 5: [ 419.336483][T12341] loop1: p3 start 4293001441 is beyond EOD, truncated [ 419.343978][T12341] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 419.394874][ T33] audit: type=1804 audit(1595296258.823:460): pid=12349 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/102/bus" dev="sda1" ino=15762 res=1 [ 419.419576][ T33] audit: type=1804 audit(1595296258.833:461): pid=12344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/102/bus" dev="sda1" ino=15762 res=1 [ 419.444034][ T33] audit: type=1804 audit(1595296258.833:462): pid=12344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/102/bus" dev="sda1" ino=15762 res=1 01:50:59 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:59 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:50:59 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x0, &(0x7f0000000140)) 01:50:59 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8a", 0x1c0, 0x7}]) 01:50:59 executing program 5: 01:50:59 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, 0x0, 0x0) [ 419.957801][ T33] audit: type=1804 audit(1595296259.463:463): pid=12371 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/103/bus" dev="sda1" ino=15762 res=1 [ 419.983208][ T33] audit: type=1804 audit(1595296259.503:464): pid=12371 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/103/bus" dev="sda1" ino=15762 res=1 [ 420.008760][ T33] audit: type=1804 audit(1595296259.503:465): pid=12371 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/103/bus" dev="sda1" ino=15762 res=1 [ 420.033111][ T33] audit: type=1804 audit(1595296259.513:466): pid=12371 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/103/bus" dev="sda1" ino=15762 res=1 [ 420.067311][T12373] loop3: unable to read partition table [ 420.073979][T12373] loop3: partition table beyond EOD, truncated [ 420.080224][T12373] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:50:59 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(0x0, 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:50:59 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, 0x0, 0x0) 01:50:59 executing program 5: [ 420.237472][T12379] loop1: [ 420.424679][ T33] audit: type=1804 audit(1595296260.003:467): pid=12389 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/104/bus" dev="sda1" ino=16203 res=1 01:51:00 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x1c0}]) 01:51:00 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8a", 0x1c0, 0x7}]) [ 420.556546][ T33] audit: type=1804 audit(1595296260.063:468): pid=12391 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/104/bus" dev="sda1" ino=16203 res=1 01:51:00 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) ftruncate(r0, 0xfff) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, 0x0, 0x0) 01:51:00 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 420.884712][T12397] loop3: unable to read partition table [ 420.890662][T12397] loop3: partition table beyond EOD, truncated [ 420.897273][T12397] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 420.984821][T12400] loop1: 01:51:01 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:01 executing program 5: 01:51:01 executing program 0: 01:51:01 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x1c0}]) 01:51:01 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8a", 0x1c0, 0x7}]) 01:51:01 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:01 executing program 0: [ 421.673742][T12415] loop1: 01:51:01 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640", 0x1e0, 0x7}]) [ 421.836104][T12423] loop3: unable to read partition table [ 421.842361][T12423] loop3: partition table beyond EOD, truncated [ 421.848603][T12423] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:01 executing program 5: 01:51:01 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x1c0}]) 01:51:01 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:01 executing program 0: [ 422.130517][T12433] loop1: [ 422.438267][ T4883] loop3: unable to read partition table [ 422.444393][ T4883] loop3: partition table beyond EOD, truncated [ 422.455796][T12443] loop3: unable to read partition table [ 422.462064][T12443] loop3: partition table beyond EOD, truncated [ 422.468298][T12443] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:02 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:02 executing program 5: 01:51:02 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640", 0x1e0, 0x7}]) 01:51:02 executing program 0: 01:51:02 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:02 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180), 0x0, 0x1c0}]) [ 422.875693][T12454] loop1: 01:51:02 executing program 5: 01:51:02 executing program 0: [ 422.986175][ T4883] loop3: unable to read partition table [ 422.992758][ T4883] loop3: partition table beyond EOD, truncated [ 423.006817][T12458] loop3: unable to read partition table [ 423.013284][T12458] loop3: partition table beyond EOD, truncated [ 423.019545][T12458] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:02 executing program 5: 01:51:02 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640", 0x1e0, 0x7}]) 01:51:02 executing program 0: 01:51:02 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) [ 423.523347][T12472] loop1: 01:51:03 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r1, 0x0, 0x19404, 0x0) 01:51:03 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180), 0x0, 0x1c0}]) 01:51:03 executing program 5: 01:51:03 executing program 0: 01:51:03 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:03 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x8400fffffffb) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:03 executing program 0: [ 424.105788][T12491] loop3: unable to read partition table [ 424.111938][T12491] loop3: partition table beyond EOD, truncated [ 424.118183][T12491] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 424.131700][T12493] loop1: 01:51:03 executing program 5: 01:51:03 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:03 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:04 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180), 0x0, 0x1c0}]) 01:51:04 executing program 0: [ 424.568635][ T33] kauditd_printk_skb: 32 callbacks suppressed [ 424.568697][ T33] audit: type=1804 audit(1595296264.144:501): pid=12508 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/111/bus" dev="sda1" ino=16236 res=1 [ 424.683572][T12509] loop1: [ 424.700801][ T33] audit: type=1804 audit(1595296264.244:502): pid=12513 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/111/bus" dev="sda1" ino=16236 res=1 [ 424.725570][ T33] audit: type=1804 audit(1595296264.254:503): pid=12508 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/111/bus" dev="sda1" ino=16236 res=1 [ 424.750257][ T33] audit: type=1804 audit(1595296264.254:504): pid=12508 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/111/bus" dev="sda1" ino=16236 res=1 [ 424.775413][ T33] audit: type=1804 audit(1595296264.254:505): pid=12508 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/111/bus" dev="sda1" ino=16236 res=1 [ 424.903835][T12515] loop3: unable to read partition table [ 424.909850][T12515] loop3: partition table beyond EOD, truncated [ 424.916467][T12515] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:04 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r1, 0x0, 0x19404, 0x0) 01:51:04 executing program 5: 01:51:04 executing program 0: 01:51:04 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:04 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:04 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e93119000000000000068017", 0x20, 0x1c0}]) [ 425.183709][T12525] loop1: 01:51:04 executing program 5: [ 425.310789][ T33] audit: type=1804 audit(1595296264.884:506): pid=12534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/112/bus" dev="sda1" ino=16208 res=1 01:51:04 executing program 0: 01:51:04 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) [ 425.415848][ T33] audit: type=1804 audit(1595296264.964:507): pid=12534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/112/bus" dev="sda1" ino=16208 res=1 [ 425.440649][ T33] audit: type=1804 audit(1595296264.964:508): pid=12534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/112/bus" dev="sda1" ino=16208 res=1 [ 425.465278][ T33] audit: type=1804 audit(1595296264.974:509): pid=12534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/112/bus" dev="sda1" ino=16208 res=1 [ 425.490589][ T33] audit: type=1804 audit(1595296264.974:510): pid=12534 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir738362163/syzkaller.q9EUTw/112/bus" dev="sda1" ino=16208 res=1 [ 425.524554][T12536] loop3: unable to read partition table [ 425.530530][T12536] loop3: partition table beyond EOD, truncated [ 425.536934][T12536] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:05 executing program 5: 01:51:05 executing program 5: 01:51:05 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x0) creat(&(0x7f0000000180)='./bus\x00', 0x0) 01:51:05 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r1, 0x0, 0x19404, 0x0) 01:51:05 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e93119000000000000068017", 0x20, 0x1c0}]) 01:51:05 executing program 0: 01:51:05 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:05 executing program 5: 01:51:05 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(0x0, 0x0) 01:51:06 executing program 5: [ 426.494449][T12560] loop3: unable to read partition table [ 426.500432][T12560] loop3: partition table beyond EOD, truncated [ 426.506905][T12560] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 426.582773][T12564] loop1: 01:51:06 executing program 0: 01:51:06 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:06 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e93119000000000000068017", 0x20, 0x1c0}]) 01:51:06 executing program 0: 01:51:06 executing program 5: [ 427.153137][T12578] loop1: [ 427.254922][T12581] loop3: unable to read partition table [ 427.261036][T12581] loop3: partition table beyond EOD, truncated [ 427.267278][T12581] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:07 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:07 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c", 0x1f0, 0x7}]) 01:51:07 executing program 0: 01:51:07 executing program 5: 01:51:07 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(0x0, 0x0) 01:51:07 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030", 0x30, 0x1c0}]) [ 427.762810][T12594] loop1: 01:51:07 executing program 0: 01:51:07 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181", 0x1f4, 0x7}]) 01:51:07 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:07 executing program 5: [ 428.012608][T12603] loop3: unable to read partition table [ 428.018497][T12603] loop3: partition table beyond EOD, truncated [ 428.025412][T12603] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:07 executing program 0: 01:51:08 executing program 5: [ 428.389545][T12616] loop1: 01:51:08 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030", 0x30, 0x1c0}]) 01:51:08 executing program 0: 01:51:08 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181", 0x1f4, 0x7}]) 01:51:08 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 428.833979][T12626] loop3: unable to read partition table [ 428.839916][T12626] loop3: partition table beyond EOD, truncated [ 428.846438][T12626] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:08 executing program 2: open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f0000000000)) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x46000) lseek(r1, 0x4200, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x6, &(0x7f00000004c0)=0x0) io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) r4 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8400fffffffb) creat(0x0, 0x0) 01:51:08 executing program 5: 01:51:08 executing program 0: [ 429.063053][T12632] loop1: 01:51:08 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:08 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030", 0x30, 0x1c0}]) 01:51:08 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181", 0x1f4, 0x7}]) 01:51:08 executing program 0: 01:51:08 executing program 5: 01:51:09 executing program 0: [ 429.543864][T12648] loop1: [ 429.655114][T12655] loop3: unable to read partition table [ 429.661262][T12655] loop3: partition table beyond EOD, truncated [ 429.667491][T12655] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:09 executing program 5: 01:51:09 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc", 0x1f6, 0x7}]) 01:51:09 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff0000", 0x38, 0x1c0}]) 01:51:09 executing program 2: 01:51:10 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 430.654828][T12673] loop3: unable to read partition table [ 430.660810][T12673] loop3: partition table beyond EOD, truncated [ 430.667430][T12673] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:10 executing program 2: 01:51:10 executing program 0: 01:51:10 executing program 5: [ 430.753202][T12670] loop1: 01:51:10 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc", 0x1f6, 0x7}]) 01:51:10 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff0000", 0x38, 0x1c0}]) 01:51:10 executing program 0: 01:51:10 executing program 2: 01:51:10 executing program 5: [ 431.293754][T12690] loop1: [ 431.418810][T12692] loop3: unable to read partition table [ 431.424976][T12692] loop3: partition table beyond EOD, truncated [ 431.431522][T12692] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:11 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc", 0x1f6, 0x7}]) 01:51:11 executing program 0: 01:51:11 executing program 5: 01:51:11 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:11 executing program 2: 01:51:11 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff0000", 0x38, 0x1c0}]) [ 431.784005][ T4883] loop1: [ 431.789953][T12704] loop1: 01:51:11 executing program 2: [ 431.989432][T12714] loop3: unable to read partition table [ 431.995918][T12714] loop3: partition table beyond EOD, truncated [ 432.002512][T12714] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:11 executing program 0: 01:51:11 executing program 2: 01:51:11 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:51:11 executing program 5: 01:51:11 executing program 0: 01:51:11 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff000000000080", 0x3c, 0x1c0}]) 01:51:12 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000008500)={0x0, 0x0, 0x0, 0x0, &(0x7f00000084c0)=""/54, 0x36}, 0x0) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0xff, 0x4, 0x96, 0x3a, 0x0, 0xa2, 0x84, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x4, @perf_bp={&(0x7f00000004c0), 0xa}, 0x4202a, 0x9, 0x8, 0x8, 0x3, 0x5, 0x100}, 0x0, 0xe, 0xffffffffffffffff, 0x1) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r1, 0x8c, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) gettid() r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@map=0x1, r3}, 0x10) sendmsg(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYRESHEX], 0x10d8}, 0x4010) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000580)=0x1) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r2, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x541b, 0x743000) perf_event_open$cgroup(&(0x7f0000000180)={0x4, 0x70, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8, 0xc, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_config_ext={0x1}, 0x0, 0x7, 0x3, 0x4, 0xffffffff80000000, 0x0, 0x5}, 0xffffffffffffffff, 0x0, r4, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 432.487813][T12725] loop1: 01:51:12 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x1}, 0x1c) [ 432.609793][T12731] loop3: unable to read partition table [ 432.615730][T12731] loop3: partition table beyond EOD, truncated [ 432.622156][T12731] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:12 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:12 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) shutdown(r0, 0x1) 01:51:12 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:51:12 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff000000000080", 0x3c, 0x1c0}]) 01:51:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x25, &(0x7f0000000080), &(0x7f0000000180)=0x4) [ 433.113535][T12748] loop1: [ 433.236904][T12758] loop3: unable to read partition table [ 433.242918][T12758] loop3: partition table beyond EOD, truncated [ 433.249145][T12758] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 433.329236][ T4883] loop3: unable to read partition table [ 433.335631][ T4883] loop3: partition table beyond EOD, truncated 01:51:12 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10) 01:51:13 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:51:13 executing program 0: 01:51:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x81, 0x0) r3 = dup2(r1, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$FUSE_POLL(r3, &(0x7f0000000180)={0x18}, 0x18) 01:51:13 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff000000000080", 0x3c, 0x1c0}]) [ 433.829728][T12773] loop1: 01:51:13 executing program 2: r0 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r1 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300"/35, 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)=""/101, 0x65}, {&(0x7f0000000280)=""/91, 0x5}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x3}, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 01:51:13 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 434.064977][T12782] loop3: unable to read partition table [ 434.070952][T12782] loop3: partition table beyond EOD, truncated [ 434.077417][T12782] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:13 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:13 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000000), 0x4fa000) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x8) ioctl$TUNSETFILTEREBPF(r0, 0x6628, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r0, &(0x7f00000002c0), 0xfffffedd) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() 01:51:13 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:51:14 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da", 0x3e, 0x1c0}]) 01:51:14 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:14 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:51:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000040000000000000000000807e00"}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x14) [ 434.968129][T12810] loop3: unable to read partition table [ 434.974798][T12810] loop3: partition table beyond EOD, truncated [ 434.981033][T12810] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:14 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da", 0x3e, 0x1c0}]) 01:51:15 executing program 1: syz_read_part_table(0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f0000000040)="9bf972388ac7a3ead69add4ecbffb86fef5bd1fb4e0ae482d85edd99569b46fd1979ee49f1ef4facb6cf2f", 0x2b, 0x78ca}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:51:15 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:15 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 435.689707][T12833] loop3: unable to read partition table [ 435.695768][T12833] loop3: partition table beyond EOD, truncated [ 435.702197][T12833] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:15 executing program 2: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r0, &(0x7f0000000640)=ANY=[@ANYBLOB='#'], 0x191) close(r0) clone(0x81000b80, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 01:51:15 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000000), 0x4fa000) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x8) ioctl$TUNSETFILTEREBPF(r0, 0x6628, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r0, &(0x7f00000002c0), 0xfffffedd) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() 01:51:15 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da", 0x3e, 0x1c0}]) 01:51:15 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:51:15 executing program 2: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4000000000000073, 0x68001) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x23, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005"], 0x48}}, 0x0) 01:51:15 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 436.386551][T12858] loop3: unable to read partition table [ 436.392973][T12858] loop3: partition table beyond EOD, truncated [ 436.399210][T12858] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 436.548497][T12865] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 436.609275][T12872] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 436.634519][ T4883] Dev loop1: unable to read RDB block 1 [ 436.640466][ T4883] loop1: unable to read partition table [ 436.647176][ T4883] loop1: partition table beyond EOD, truncated 01:51:16 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55", 0x3f, 0x1c0}]) [ 436.664771][T12870] Dev loop1: unable to read RDB block 1 [ 436.670571][T12870] loop1: unable to read partition table [ 436.676564][T12870] loop1: partition table beyond EOD, truncated [ 436.682987][T12870] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:51:16 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:16 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:16 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {0x0, 0x0, 0x7}]) 01:51:16 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) [ 437.164410][T12881] loop3: unable to read partition table [ 437.170250][T12881] loop3: partition table beyond EOD, truncated [ 437.176908][T12881] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:16 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r3, 0x0, 0x81, 0x0) close(r2) r4 = dup2(r1, r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$FUSE_POLL(r4, &(0x7f0000000180)={0x18}, 0x18) 01:51:16 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 437.300546][T12887] overlayfs: missing 'lowerdir' [ 437.318826][T12890] overlayfs: missing 'lowerdir' 01:51:17 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55", 0x3f, 0x1c0}]) [ 437.585006][T12896] loop1: p1 p2 p3 p4 [ 437.589324][T12896] loop1: partition table partially beyond EOD, truncated [ 437.597127][T12896] loop1: p1 start 10 is beyond EOD, truncated [ 437.603352][T12896] loop1: p2 start 25 is beyond EOD, truncated [ 437.609480][T12896] loop1: p3 start 4293001441 is beyond EOD, truncated [ 437.616463][T12896] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 437.802969][T12906] overlayfs: missing 'lowerdir' [ 437.811049][T12907] loop3: unable to read partition table [ 437.817426][T12907] loop3: partition table beyond EOD, truncated [ 437.823968][T12907] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:17 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x800, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="2a00000004003e0000000000000000000300049a71a8000463000000004cf557b492079d4c4a1ac54d3a1425b7fbd17ed411e627500b8d37d786d875c3a99649789b10737fc826e6d774fd624543323bcad068abbaf9eda4b50de1523eece3ef6ce615b09db91a3558412a78edc06b41aa210ea7335ce864de3fc8a87250d19c262cdd3d0e5f2bd9dc6c41b59bbf73eb707ed6ff4a43302861c1082ea7f19bfd9ece3a408fd22b00938fcbafa42a8e4d4400792291a63f3800"/199], 0x2a) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f0000000540)=""/136) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) ioctl$TIOCCONS(r2, 0x541d) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r3, 0x800000c0045005, &(0x7f00000004c0)=0x100040000) clone(0x80000000, 0x0, 0xfffffffffffffffe, &(0x7f0000000500), 0xffffffffffffffff) 01:51:17 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:17 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55", 0x3f, 0x1c0}]) 01:51:17 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {0x0, 0x0, 0x7}]) 01:51:17 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:17 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 438.183038][T12918] overlayfs: missing 'lowerdir' [ 438.268675][T12921] Unknown ioctl 21533 01:51:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x4d) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:51:18 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) [ 438.584179][T12927] loop1: p1 p2 p3 p4 [ 438.588256][T12927] loop1: partition table partially beyond EOD, truncated [ 438.595972][T12927] loop1: p1 start 10 is beyond EOD, truncated [ 438.602495][T12927] loop1: p2 start 25 is beyond EOD, truncated [ 438.608642][T12927] loop1: p3 start 4293001441 is beyond EOD, truncated [ 438.615604][T12927] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:18 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 438.704046][T12938] overlayfs: missing 'lowerdir' [ 438.737674][T12929] loop3: unable to read partition table [ 438.744262][T12929] loop3: partition table beyond EOD, truncated [ 438.750511][T12929] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 438.918765][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000003c data 0x6 [ 438.928864][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000033 data 0x3d 01:51:18 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {0x0, 0x0, 0x7}]) [ 438.981375][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000008e data 0x32 [ 439.026024][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000000f data 0x9a [ 439.067646][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000044 data 0xb8 [ 439.107954][T12953] overlayfs: missing 'lowerdir' [ 439.122295][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000003d data 0x45 01:51:18 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40}]) 01:51:18 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 439.223063][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000042 data 0xc9 [ 439.296850][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000041 data 0xdb 01:51:18 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 439.350337][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000052 data 0x40 [ 439.361722][T12945] kvm [12941]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000056 data 0x53 [ 439.432361][T12956] loop1: p1 p2 p3 p4 [ 439.436650][T12956] loop1: partition table partially beyond EOD, truncated [ 439.444510][T12956] loop1: p1 start 10 is beyond EOD, truncated [ 439.450655][T12956] loop1: p2 start 25 is beyond EOD, truncated [ 439.456969][T12956] loop1: p3 start 4293001441 is beyond EOD, truncated [ 439.463915][T12956] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 439.605771][T12962] loop3: unable to read partition table [ 439.612033][T12962] loop3: partition table beyond EOD, truncated [ 439.618332][T12962] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 439.842817][T12976] overlayfs: missing 'lowerdir' 01:51:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x800, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="2a00000004003e0000000000000000000300049a71a8000463000000004cf557b492079d4c4a1ac54d3a1425b7fbd17ed411e627500b8d37d786d875c3a99649789b10737fc826e6d774fd624543323bcad068abbaf9eda4b50de1523eece3ef6ce615b09db91a3558412a78edc06b41aa210ea7335ce864de3fc8a87250d19c262cdd3d0e5f2bd9dc6c41b59bbf73eb707ed6ff4a43302861c1082ea7f19bfd9ece3a408fd22b00938fcbafa42a8e4d4400792291a63f3800"/199], 0x2a) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f0000000540)=""/136) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) ioctl$TIOCCONS(r2, 0x541d) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r3, 0x800000c0045005, &(0x7f00000004c0)=0x100040000) r4 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xa, 0xffffffffffffffff, 0x1) fcntl$dupfd(r4, 0x0, 0xffffffffffffffff) 01:51:19 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0), 0x0, 0x7}]) 01:51:19 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40}]) 01:51:19 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) 01:51:19 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 440.108161][T12980] Unknown ioctl 21533 [ 440.251353][T12987] overlayfs: missing 'lowerdir' 01:51:20 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 440.384921][ T4883] loop3: unable to read partition table [ 440.391038][ T4883] loop3: partition table beyond EOD, truncated [ 440.406145][T12984] loop3: unable to read partition table [ 440.412337][T12984] loop3: partition table beyond EOD, truncated [ 440.418578][T12984] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 440.444340][T12985] loop1: p1 p2 p3 p4 [ 440.448589][T12985] loop1: partition table partially beyond EOD, truncated [ 440.456402][T12985] loop1: p1 start 10 is beyond EOD, truncated [ 440.462638][T12985] loop1: p2 start 25 is beyond EOD, truncated [ 440.469137][T12985] loop1: p3 start 4293001441 is beyond EOD, truncated [ 440.476266][T12985] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:20 executing program 2: clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 440.550424][T12980] Unknown ioctl 21533 01:51:20 executing program 3: preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x26c8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="020181ffffff0a000000ff45ac0000ffffffbf00e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40}]) 01:51:20 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0xc) 01:51:20 executing program 2: clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:20 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0), 0x0, 0x7}]) 01:51:21 executing program 2: clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 441.447711][T13011] loop3: unable to read partition table [ 441.453817][T13011] loop3: partition table beyond EOD, truncated [ 441.460068][T13011] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 01:51:21 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 441.615619][ T4883] loop1: p1 p2 p3 p4 [ 441.619865][ T4883] loop1: partition table partially beyond EOD, truncated [ 441.627762][ T4883] loop1: p1 start 10 is beyond EOD, truncated [ 441.634042][ T4883] loop1: p2 start 25 is beyond EOD, truncated [ 441.640340][ T4883] loop1: p3 start 4293001441 is beyond EOD, truncated [ 441.647348][ T4883] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:21 executing program 2: mknod$loop(0x0, 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 441.705842][T13020] loop1: p1 p2 p3 p4 [ 441.710044][T13020] loop1: partition table partially beyond EOD, truncated [ 441.717820][T13020] loop1: p1 start 10 is beyond EOD, truncated [ 441.724135][T13020] loop1: p2 start 25 is beyond EOD, truncated [ 441.730279][T13020] loop1: p3 start 4293001441 is beyond EOD, truncated [ 441.737260][T13020] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:21 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x23, &(0x7f0000000100), &(0x7f0000000040)=0x1e0) 01:51:23 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:23 executing program 2: mknod$loop(0x0, 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:23 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0), 0x0, 0x7}]) 01:51:23 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 01:51:23 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000740)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="100087"], 0x20}, 0x181) 01:51:23 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) [ 443.786006][T13065] loop1: p1 p2 p3 p4 [ 443.790309][T13065] loop1: partition table partially beyond EOD, truncated [ 443.798406][T13065] loop1: p1 start 10 is beyond EOD, truncated [ 443.804811][T13065] loop1: p2 start 25 is beyond EOD, truncated [ 443.810936][T13065] loop1: p3 start 4293001441 is beyond EOD, truncated [ 443.817857][T13065] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:23 executing program 2: mknod$loop(0x0, 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:23 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f00000000c0), 0xb) 01:51:23 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x74) 01:51:23 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:24 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) 01:51:24 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x19404, 0x0) 01:51:24 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:24 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendto(r0, &(0x7f0000000180)="a6", 0x1, 0x6010c, &(0x7f0000000240)=@in6={0x1c, 0x1c, 0x1}, 0x1c) sendto(r0, &(0x7f00000002c0)="7f", 0x1, 0x0, 0x0, 0x0) [ 444.825932][T13087] loop1: p1 p2 p3 p4 [ 444.830071][T13087] loop1: partition table partially beyond EOD, truncated [ 444.838713][T13087] loop1: p1 start 10 is beyond EOD, truncated [ 444.844987][T13087] loop1: p2 start 25 is beyond EOD, truncated [ 444.851126][T13087] loop1: p3 start 4293001441 is beyond EOD, truncated [ 444.858092][T13087] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:24 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000100)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000300)=ANY=[@ANYBLOB="10024e23ac1400bb"], &(0x7f0000000100)=0xa0) 01:51:24 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:24 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:24 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) [ 445.447974][T13110] overlayfs: missing 'lowerdir' 01:51:25 executing program 3: recvmsg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000180)={0x10, 0x2}, 0x10) 01:51:25 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) bind(r0, &(0x7f0000000000)=@un=@file={0xa}, 0xa) 01:51:25 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:25 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000000), 0x8) [ 445.694677][T13117] loop1: p1 p2 p3 p4 [ 445.698970][T13117] loop1: partition table partially beyond EOD, truncated [ 445.706876][T13117] loop1: p1 start 10 is beyond EOD, truncated [ 445.713171][T13117] loop1: p2 start 25 is beyond EOD, truncated [ 445.719304][T13117] loop1: p3 start 4293001441 is beyond EOD, truncated [ 445.726332][T13117] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:25 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x19404, 0x0) [ 445.916487][ T4883] loop1: p1 p2 p3 p4 [ 445.920898][ T4883] loop1: partition table partially beyond EOD, truncated [ 445.928670][ T4883] loop1: p1 start 10 is beyond EOD, truncated [ 445.935108][ T4883] loop1: p2 start 25 is beyond EOD, truncated [ 445.941245][ T4883] loop1: p3 start 4293001441 is beyond EOD, truncated [ 445.948201][ T4883] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:25 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x19, &(0x7f0000000040), &(0x7f00000000c0)=0x8) [ 445.998803][T13138] overlayfs: missing 'lowerdir' 01:51:25 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x21, &(0x7f0000000040)={0xb3, 0x0, 0x0, 0x0, r4}, 0x10) 01:51:25 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:25 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) 01:51:26 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x13, &(0x7f00000002c0)={0x0, 0x0, 0x1, "ce"}, 0x9) [ 446.550362][T13156] overlayfs: missing 'lowerdir' 01:51:26 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 446.703517][T13166] loop1: p1 p2 p3 p4 [ 446.707788][T13166] loop1: partition table partially beyond EOD, truncated [ 446.716089][T13166] loop1: p1 start 10 is beyond EOD, truncated [ 446.722235][T13166] loop1: p2 start 25 is beyond EOD, truncated [ 446.728649][T13166] loop1: p3 start 4293001441 is beyond EOD, truncated [ 446.735755][T13166] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:26 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, 0x0, &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:26 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000000380), &(0x7f0000000400)=0x8) 01:51:26 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:51:26 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, 0x0, &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:26 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x19404, 0x0) 01:51:26 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x900, &(0x7f0000000000), &(0x7f0000000040)=0x8) 01:51:26 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 01:51:26 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, 0x0, &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) [ 447.406580][T13194] loop1: p1 p2 p3 p4 [ 447.410880][T13194] loop1: partition table partially beyond EOD, truncated [ 447.419051][T13194] loop1: p1 start 10 is beyond EOD, truncated [ 447.425997][T13194] loop1: p2 start 25 is beyond EOD, truncated [ 447.432154][T13194] loop1: p3 start 4293001441 is beyond EOD, truncated [ 447.439073][T13194] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:27 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)=0x1c6) 01:51:27 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x19404, 0x0) 01:51:27 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:27 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:27 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendto(r0, &(0x7f0000000180)="a6", 0x1, 0x6010c, &(0x7f0000000240)=@in6={0x1c, 0x1c, 0x1}, 0x1c) 01:51:27 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:27 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:51:27 executing program 0: r0 = socket(0x2, 0x5, 0x0) bind$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10) 01:51:27 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000480)={[{@metacopy_on='metacopy=on'}]}) 01:51:28 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = fcntl$dupfd(r0, 0x0, r1) connect$inet(r2, &(0x7f00000001c0)={0x10, 0x2}, 0x10) [ 448.546523][T13245] loop1: p1 p2 p3 p4 [ 448.550592][T13245] loop1: partition table partially beyond EOD, truncated [ 448.558457][T13245] loop1: p1 start 10 is beyond EOD, truncated [ 448.564731][T13245] loop1: p2 start 25 is beyond EOD, truncated [ 448.570862][T13245] loop1: p3 start 4293001441 is beyond EOD, truncated [ 448.578200][T13245] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:28 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r1, &(0x7f0000000100)={0x1c, 0x1c, 0x3}, 0x1c) r2 = fcntl$dupfd(r1, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x23, &(0x7f0000000000)=0x1c00, 0xfe6a) 01:51:28 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, 0x0) 01:51:28 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x19404, 0x0) [ 449.086480][T13270] overlayfs: missing 'lowerdir' 01:51:28 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, 0x0) 01:51:28 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:28 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:51:28 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f0000000000), 0x4) 01:51:28 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) [ 449.512557][T13285] overlayfs: missing 'lowerdir' 01:51:29 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, 0x0) 01:51:29 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f00000001c0), 0xa) [ 449.688348][T13292] loop1: p1 p2 p3 p4 [ 449.692423][T13292] loop1: partition table partially beyond EOD, truncated [ 449.700246][T13292] loop1: p1 start 10 is beyond EOD, truncated [ 449.706477][T13292] loop1: p2 start 25 is beyond EOD, truncated [ 449.712884][T13292] loop1: p3 start 4293001441 is beyond EOD, truncated [ 449.719743][T13292] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:29 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) recvfrom(r0, 0x0, 0x0, 0x2, 0x0, 0x0) 01:51:29 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x19404, 0x0) 01:51:29 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)) [ 449.908550][ T4883] loop1: p1 p2 p3 p4 [ 449.909862][T13303] overlayfs: missing 'lowerdir' [ 449.912832][ T4883] loop1: partition table partially beyond EOD, truncated [ 449.913283][ T4883] loop1: p1 start 10 is beyond EOD, truncated [ 449.931457][ T4883] loop1: p2 start 25 is beyond EOD, truncated [ 449.937733][ T4883] loop1: p3 start 4293001441 is beyond EOD, truncated [ 449.944668][ T4883] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:29 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) 01:51:29 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) 01:51:29 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x13, &(0x7f00000002c0), 0x8) [ 450.333475][T13322] overlayfs: missing 'lowerdir' 01:51:30 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:30 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)=@in={0xffffffffffffffc1, 0x2}, 0x10) 01:51:30 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)) [ 450.556850][T13326] loop1: [ 450.560016][T13326] loop1: partition table partially beyond EOD, truncated 01:51:30 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) clone(0x26800900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000480)) [ 450.627904][T13334] overlayfs: missing 'lowerdir' 01:51:30 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) 01:51:30 executing program 0: r0 = socket(0x2, 0x5, 0x0) bind$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10) [ 450.947119][T13349] overlayfs: missing 'lowerdir' 01:51:30 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000040), &(0x7f0000000100)=0xa0) 01:51:30 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 01:51:30 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) [ 451.263211][T13354] loop1: [ 451.266354][T13354] loop1: partition table partially beyond EOD, truncated 01:51:30 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000680), &(0x7f0000000140)=0x44) 01:51:31 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)=@in={0x10, 0x2}, 0x10) sendto(r0, &(0x7f0000001500)='=', 0x1, 0x0, &(0x7f0000000480)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 01:51:31 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) 01:51:31 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:31 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) sendmsg(r0, &(0x7f0000001680)={&(0x7f00000000c0)=@in={0x10, 0x2}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000180)="ff", 0x1}], 0x1, &(0x7f0000001500)=[{0x10}, {0x10}], 0x20}, 0x0) [ 451.818629][T13374] loop1: [ 451.821651][T13374] loop1: partition table partially beyond EOD, truncated 01:51:31 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000001800), &(0x7f00000002c0)=0x1c6) 01:51:31 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:51:31 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0xf, &(0x7f0000000040), 0xc) 01:51:31 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000100), 0x8) 01:51:32 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) [ 452.565663][T13399] loop1: [ 452.568870][T13399] loop1: partition table partially beyond EOD, truncated 01:51:32 executing program 3: r0 = socket(0x2, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 01:51:32 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:51:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000000), &(0x7f0000000040)=0x18) 01:51:32 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000001800)=ANY=[@ANYBLOB="9c1c"], &(0x7f00000002c0)=0x1c6) 01:51:32 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 453.212447][T13422] loop1: [ 453.215701][T13422] loop1: partition table partially beyond EOD, truncated 01:51:32 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1000000001, 0x84) bind$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x10) 01:51:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/187) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x2f) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x38, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x1d37958ad0add4d5}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x81, 0x59}}]}}]}, 0x64}}, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) socket(0x0, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 01:51:33 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:51:33 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000040)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @rand_addr=0x64010100}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000000), 0x4) 01:51:33 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 01:51:33 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000001780)=[{{&(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10, 0x0}}, {{&(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_retopts={{0x10}}, @ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x6}]}}}], 0x28}}], 0x2, 0x0) [ 453.914502][T13452] loop1: [ 453.917531][T13452] loop1: partition table partially beyond EOD, truncated 01:51:33 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000001180)="e4", 0x1a000, 0x0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0x29}, 0x9}, 0x7a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 01:51:33 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:33 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) 01:51:34 executing program 3: openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x800, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x2a) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r1, 0x800000c0045005, &(0x7f00000004c0)=0x100040000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 454.441156][T13469] loop1: [ 454.444405][T13469] loop1: partition table partially beyond EOD, truncated [ 454.479820][T13471] hfs: can't find a HFS filesystem on dev loop2 01:51:34 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) [ 455.299300][T13484] loop1: [ 455.302379][T13484] loop1: partition table partially beyond EOD, truncated 01:51:36 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/18) 01:51:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x141042, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, &(0x7f00000a2000)={0x0, 0x0}, 0x10) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000140)=""/18) 01:51:36 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:36 executing program 3: openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x800, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x2a) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r1, 0x800000c0045005, &(0x7f00000004c0)=0x100040000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 01:51:36 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) [ 456.698879][T13492] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 456.707110][T13492] ref_ctr decrement failed for inode: 0x3e02 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000001ab428f6 [ 456.729919][T13492] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 456.738235][T13492] ref_ctr decrement failed for inode: 0x3e02 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000001ab428f6 [ 456.877712][T13498] hfs: can't find a HFS filesystem on dev loop2 [ 456.895425][T13500] loop1: [ 456.898437][T13500] loop1: partition table partially beyond EOD, truncated [ 456.949727][T13493] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 456.957967][T13493] ref_ctr decrement failed for inode: 0x3e02 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000001ab428f6 01:51:36 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x268, 0x0, 0xd0, 0xd0, 0xd0, 0x4a00, 0x1d0, 0x1d0, 0x1d0, 0x1d0, 0x1d0, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@statistic={{0x38, 'statistic\x00'}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x1}}}, {{@ip={@loopback, @multicast1, 0x0, 0x0, 'vlan1\x00', 'vlan0\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@common=@unspec=@addrtype1={{0x28, 'addrtype\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2c8) 01:51:36 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:51:36 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:36 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x3c8, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x2f8, 0x3d8, 0x3d8, 0x2f8, 0x3d8, 0x3, 0x0, {[{{@ipv6={@private0, @private0, [], [], 'xfrm0\x00', 'lo\x00'}, 0x0, 0x1d0, 0x1f8, 0x0, {}, [@common=@unspec=@cluster={{0x30, 'cluster\x00'}, {0x0, 0x7}}, @common=@inet=@recent0={{0xf8, 'recent\x00'}, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) 01:51:37 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x0, 0x800000003, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x2f) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x38, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x1d37958ad0add4d5}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x81, 0x59}}]}}]}, 0x64}}, 0x0) socket(0x10, 0x3, 0x0) r3 = socket(0x11, 0x0, 0x0) bind(r3, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) [ 457.445003][T13522] loop1: [ 457.448271][T13522] loop1: partition table partially beyond EOD, truncated [ 457.621389][T13532] hfs: can't find a HFS filesystem on dev loop2 01:51:37 executing program 3: clone(0x2000000000200500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x2001, 0x3, 0x298, 0x130, 0x150, 0x150, 0x0, 0x150, 0x200, 0x1e8, 0x1e8, 0x200, 0x1e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x48}}, @common=@unspec=@mark={{0x30, 'mark\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_macvtap\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2f8) 01:51:39 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:39 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:51:39 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x37cb1133) eventfd(0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 01:51:39 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f0000000100)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r3, 0x1) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000000c0)={r5, 0x1, '!'}, &(0x7f0000000000)=0x3e2) 01:51:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r2, &(0x7f0000000040), 0x1c) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f00000003c0)=0x6, 0x4) sendmmsg(r2, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0xffffff77, 0x0, 0x0, 0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) [ 459.900715][T13563] hfs: can't find a HFS filesystem on dev loop2 [ 460.086193][T13567] loop1: [ 460.089661][T13567] loop1: partition table partially beyond EOD, truncated 01:51:40 executing program 2: syz_mount_image$hfs(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:40 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={0x0, 0xffffffffffffffd6}) ioctl$MON_IOCG_STATS(r0, 0x9205, 0x0) 01:51:40 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:51:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x69c4}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0) [ 461.362318][T13595] loop1: [ 461.365623][T13595] loop1: partition table partially beyond EOD, truncated 01:51:41 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000001c0)="660f010aa81bd604d604d1c4c38d0a970400000000f6b9817411833ef32e360f09260f01c5f30f090f3226f33e0f32c4c12df81f", 0x34}], 0x15, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:51:41 executing program 2: syz_mount_image$hfs(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:42 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:42 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:51:42 executing program 0: bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x800, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="2a00000004003e0000000000000000000300049a71a8000463000000004cf557b492079d4c4a1ac54d3a1425b7fbd17ed411e627500b8d37d786d875c3a99649789b10737fc826e6d774fd624543323bcad068abbaf9eda4b50de1523eece3ef6ce615b09db91a3558412a78edc06b41aa210ea7335ce864de3fc8a87250d19c262cdd3d0e5f2bd9dc6c41b59bbf73eb707ed6ff4a43"], 0x2a) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f0000000540)=""/136) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x0, 0x0) ioctl$TIOCCONS(r0, 0x541d) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r1, 0x800000c0045005, &(0x7f00000004c0)=0x100040000) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 01:51:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/187) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x0, 0x0) socket(0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 01:51:42 executing program 2: syz_mount_image$hfs(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:42 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000001c0)="660f010aa81bd604d604d1c4c38d0a970400000000f6b9817411833ef32e360f09260f01c5f30f090f3226f33e0f32c4c12df81f", 0x34}], 0x15, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 463.143018][T13637] Unknown ioctl 21533 [ 463.175388][T13636] loop1: [ 463.178658][T13636] loop1: partition table partially beyond EOD, truncated 01:51:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x2f) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x38, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x1d37958ad0add4d5}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x81, 0x59}}]}}]}, 0x64}}, 0x0) 01:51:43 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:51:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:43 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) [ 463.906723][T13661] loop1: [ 463.909923][T13661] loop1: partition table partially beyond EOD, truncated [ 464.008894][T13665] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 464.017642][T13665] ref_ctr decrement failed for inode: 0x3ffb offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000005a0a9aa4 [ 464.067919][T13665] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 464.079704][T13665] ref_ctr decrement failed for inode: 0x3ffb offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000005a0a9aa4 01:51:43 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:51:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/187) [ 464.454920][T13683] loop1: [ 464.458020][T13683] loop1: partition table partially beyond EOD, truncated 01:51:45 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:45 executing program 3: r0 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x15, 0xa, 0x5}, 0x14}}, 0x0) 01:51:45 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:51:45 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:45 executing program 4: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005f00)=ANY=[@ANYBLOB="58010000100013070000000000000000fe880000000000000000000000000001ff01000000000000000000000000000100000000000014000000009728000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe88000000000000219aeb45000000000000000032000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cdf10000200000000000000000000000000000000000000000000000000000ffffffffffffffdd0000000000000000000000000020000000ff010000000200000000000000000000006000020063626328646573335f6564652900000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000c00000008a6042e48859d57da92f868d02677be7cd7bfdc9018db9fa080018"], 0x158}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg(r0, &(0x7f0000000180), 0xf1, 0x0) [ 466.305809][T13703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2581 sclass=netlink_route_socket pid=13703 comm=syz-executor.3 [ 466.395353][T13702] loop1: [ 466.398525][T13702] loop1: partition table partially beyond EOD, truncated 01:51:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc0000f, 0x0, 0x0, 0x0, 0x10000000002) 01:51:46 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quiet']) 01:51:46 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:51:46 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 467.115881][T13728] loop1: [ 467.119098][T13728] loop1: partition table partially beyond EOD, truncated 01:51:46 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:51:46 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) r1 = socket$kcm(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300"/35, 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x3}, 0x0) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) [ 467.288311][T13731] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 467.299091][T13731] ref_ctr decrement failed for inode: 0x3fe8 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c1dcca2d [ 467.454170][T13731] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 467.462799][T13731] ref_ctr decrement failed for inode: 0x3fe8 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c1dcca2d 01:51:49 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:49 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a79, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff0000f9ffffff000000000000", @ANYRES32, @ANYBLOB="0000000001000000280012800a00010076786c616e000000180002"], 0x3}}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) 01:51:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:49 executing program 4: openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x107200) 01:51:49 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:51:49 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) [ 469.665871][T13756] loop1: [ 469.669174][T13756] loop1: partition table partially beyond EOD, truncated [ 469.684207][T13758] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 469.719648][T13752] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 469.727818][T13752] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c84860e3 [ 469.744699][T13752] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 469.752773][T13752] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c84860e3 01:51:49 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:51:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000840)=ANY=[], 0x1a8) 01:51:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) 01:51:49 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:51:49 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[]) [ 470.355250][T13784] Dev loop1: unable to read RDB block 1 [ 470.361139][T13784] loop1: unable to read partition table [ 470.367261][T13784] loop1: partition table beyond EOD, truncated [ 470.373659][T13784] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) [ 470.400630][T13777] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 470.409394][T13777] ref_ctr decrement failed for inode: 0x3ffe offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b 01:51:50 executing program 3: open(&(0x7f00000000c0)='./file0\x00', 0x18d542, 0x0) mknod(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200000402, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r0 = open(&(0x7f0000000600)='./bus\x00', 0x22, 0x0) write$P9_RATTACH(r0, &(0x7f0000000080)={0x14}, 0xfffffff4) [ 470.527555][T13777] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 470.536058][T13777] ref_ctr decrement failed for inode: 0x3ffe offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b [ 470.637685][T13793] hfs: can't find a HFS filesystem on dev loop2 [ 470.713867][ T33] kauditd_printk_skb: 17 callbacks suppressed [ 470.713924][ T33] audit: type=1800 audit(1595296310.282:528): pid=13797 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15706 res=0 [ 470.783579][T13797] NFS: Device name not specified [ 470.806768][T13797] NFS: Device name not specified [ 470.840750][ T33] audit: type=1800 audit(1595296310.372:529): pid=13797 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=15706 res=0 [ 472.085788][ T0] NOHZ: local_softirq_pending 08 01:51:52 executing program 5: clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:52 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tkill(0x0, 0x17) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x82) sendfile(r1, r0, 0x0, 0xa198) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000001580)=ANY=[], 0x119) sendfile(r3, r2, 0x0, 0xa198) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000080)='NLBL_CIPSOv4\x00') 01:51:52 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:51:52 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) 01:51:52 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[]) 01:51:52 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="25bca274769e620a2734fa0095e0612687ecb86a548802a902000000000000004e2f98b579a782d257146d0e0206e73ba8f4952bedc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f00000000c0)={[{@usrjquota_path={'usrjquota', 0x3d, './file1/../file0'}}]}) [ 472.758230][T13818] hfs: can't find a HFS filesystem on dev loop2 [ 472.764379][T13822] EXT4-fs (loop3): quotafile must be on filesystem root [ 472.924903][ T33] audit: type=1804 audit(1595296312.502:530): pid=13832 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 [ 473.014086][T13826] Dev loop1: unable to read RDB block 1 [ 473.019991][T13826] loop1: unable to read partition table [ 473.026289][T13826] loop1: partition table beyond EOD, truncated [ 473.032582][T13826] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:51:52 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[]) [ 473.098494][T13817] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 473.106789][T13817] ref_ctr decrement failed for inode: 0x3fe8 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000171afde1 [ 473.159431][ T33] audit: type=1804 audit(1595296312.542:531): pid=13835 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 [ 473.230444][T13817] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 473.238880][T13817] ref_ctr decrement failed for inode: 0x3fe8 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000171afde1 01:51:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000840)=ANY=[], 0x1a8) [ 473.490497][T13845] hfs: can't find a HFS filesystem on dev loop2 01:51:53 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]) 01:51:53 executing program 1: syz_read_part_table(0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f0000000000)="4b6972ed24457712752d217851da9e7fbf6a7ae1d7c1312611", 0x19}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) [ 473.522720][ T33] audit: type=1804 audit(1595296313.092:532): pid=13835 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 [ 473.728424][ T33] audit: type=1804 audit(1595296313.142:533): pid=13835 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 [ 473.753024][ T33] audit: type=1804 audit(1595296313.192:534): pid=13847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 01:51:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) [ 473.778707][ T33] audit: type=1804 audit(1595296313.202:535): pid=13847 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/83/file0" dev="sda1" ino=16364 res=1 01:51:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tkill(0x0, 0x17) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x141042, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x82) sendfile(r1, r0, 0x0, 0xa198) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000001580)=ANY=[], 0x119) sendfile(r3, r2, 0x0, 0xa198) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000080)='NLBL_CIPSOv4\x00') [ 473.892968][T13854] hfs: can't find a HFS filesystem on dev loop2 [ 474.159882][T13861] Dev loop1: unable to read RDB block 1 [ 474.165931][T13861] loop1: unable to read partition table [ 474.171730][T13861] loop1: partition table beyond EOD, truncated [ 474.178366][T13861] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) [ 474.543043][ T33] audit: type=1804 audit(1595296314.112:536): pid=13870 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/84/file0" dev="sda1" ino=16384 res=1 [ 474.580707][ T33] audit: type=1804 audit(1595296314.152:537): pid=13872 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/84/file0" dev="sda1" ino=16384 res=1 [ 475.287533][ T0] NOHZ: local_softirq_pending 08 01:51:55 executing program 5: clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:55 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]) 01:51:55 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:51:55 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000840)=ANY=[], 0x1a8) 01:51:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$VHOST_SET_VRING_NUM(0xffffffffffffffff, 0x4008af10, &(0x7f0000000100)={0x0, 0x1e2}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_bp={0x0}, 0x48}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 476.147248][T13884] Dev loop1: unable to read RDB block 1 [ 476.152959][T13884] loop1: unable to read partition table [ 476.159048][T13884] loop1: partition table beyond EOD, truncated [ 476.165452][T13884] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) [ 476.223169][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000040 data 0x6 [ 476.330218][T13889] hfs: can't find a HFS filesystem on dev loop2 [ 476.340178][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000053 data 0xe1 [ 476.351553][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000011 data 0x4c [ 476.388692][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000067 data 0x46 [ 476.423827][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000001e data 0x66 [ 476.472379][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000078 data 0x71 01:51:56 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {0x0, 0x0, 0x7}]) [ 476.556758][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x4000000b data 0x19 01:51:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 476.632462][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000026 data 0x4 01:51:56 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]) [ 476.723036][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000089 data 0x27 [ 476.820797][T13885] kvm [13882]: vcpu0, guest rIP: 0x14c Hyper-V unhandled wrmsr: 0x40000014 data 0x11 [ 477.016837][T13911] loop1: p1 p2 p3 p4 [ 477.021006][T13911] loop1: partition table partially beyond EOD, truncated [ 477.028914][T13911] loop1: p1 start 10 is beyond EOD, truncated [ 477.035205][T13911] loop1: p2 start 25 is beyond EOD, truncated [ 477.041331][T13911] loop1: p3 start 4293001441 is beyond EOD, truncated [ 477.048397][T13911] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 477.095300][T13918] hfs: can't find a HFS filesystem on dev loop2 01:51:56 executing program 4: 01:51:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000840)=ANY=[], 0x1a8) 01:51:56 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='qui']) [ 477.564783][T13932] hfs: unable to parse mount options 01:51:58 executing program 5: clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:51:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:58 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {0x0, 0x0, 0x7}]) 01:51:58 executing program 4: 01:51:58 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='qui']) 01:51:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000840)=ANY=[], 0x1a8) [ 479.493000][T13950] hfs: unable to parse mount options [ 479.525513][T13949] loop1: p1 p2 p3 p4 [ 479.529883][T13949] loop1: partition table partially beyond EOD, truncated [ 479.537868][T13949] loop1: p1 start 10 is beyond EOD, truncated [ 479.544188][T13949] loop1: p2 start 25 is beyond EOD, truncated [ 479.550319][T13949] loop1: p3 start 4293001441 is beyond EOD, truncated [ 479.557328][T13949] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:51:59 executing program 4: 01:51:59 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='qui']) 01:51:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:51:59 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {0x0, 0x0, 0x7}]) 01:51:59 executing program 4: [ 480.345705][T13973] hfs: unable to parse mount options [ 480.401102][T13974] loop1: p1 p2 p3 p4 [ 480.406141][T13974] loop1: partition table partially beyond EOD, truncated [ 480.413942][T13974] loop1: p1 start 10 is beyond EOD, truncated [ 480.420066][T13974] loop1: p2 start 25 is beyond EOD, truncated [ 480.426295][T13974] loop1: p3 start 4293001441 is beyond EOD, truncated [ 480.433111][T13974] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:02 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:02 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quie']) 01:52:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:02 executing program 4: 01:52:02 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0), 0x0, 0x7}]) 01:52:02 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:02 executing program 4: [ 482.746372][T14001] loop1: p1 p2 p3 p4 [ 482.750609][T14001] loop1: partition table partially beyond EOD, truncated [ 482.758472][T14001] loop1: p1 start 10 is beyond EOD, truncated [ 482.764717][T14001] loop1: p2 start 25 is beyond EOD, truncated [ 482.770842][T14001] loop1: p3 start 4293001441 is beyond EOD, truncated [ 482.778233][T14001] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 482.852326][T14006] hfs: unable to parse mount options 01:52:02 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:02 executing program 4: 01:52:02 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:02 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:02 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quie']) 01:52:02 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0), 0x0, 0x7}]) [ 483.531780][T14028] hfs: unable to parse mount options 01:52:03 executing program 4: 01:52:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:03 executing program 5: timer_create(0x0, 0x0, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 483.755025][T14035] loop1: p1 p2 p3 p4 [ 483.759084][T14035] loop1: partition table partially beyond EOD, truncated [ 483.767275][T14035] loop1: p1 start 10 is beyond EOD, truncated [ 483.773591][T14035] loop1: p2 start 25 is beyond EOD, truncated [ 483.779724][T14035] loop1: p3 start 4293001441 is beyond EOD, truncated [ 483.786757][T14035] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:03 executing program 2: syz_mount_image$hfs(&(0x7f00000001c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='quie']) 01:52:03 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0), 0x0, 0x7}]) 01:52:03 executing program 4: 01:52:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 484.335178][T14055] hfs: unable to parse mount options 01:52:03 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 484.497650][T14061] loop1: p1 p2 p3 p4 [ 484.501845][T14061] loop1: partition table partially beyond EOD, truncated [ 484.509745][T14061] loop1: p1 start 10 is beyond EOD, truncated [ 484.515957][T14061] loop1: p2 start 25 is beyond EOD, truncated [ 484.522075][T14061] loop1: p3 start 4293001441 is beyond EOD, truncated [ 484.529007][T14061] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:04 executing program 4: 01:52:04 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) 01:52:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:04 executing program 2: 01:52:04 executing program 4: [ 485.089672][T14081] loop1: p1 p2 p3 p4 [ 485.094030][T14081] loop1: partition table partially beyond EOD, truncated [ 485.101638][T14081] loop1: p1 start 10 is beyond EOD, truncated [ 485.107949][T14081] loop1: p2 start 25 is beyond EOD, truncated [ 485.114213][T14081] loop1: p3 start 4293001441 is beyond EOD, truncated [ 485.121033][T14081] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:04 executing program 3: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:04 executing program 2: 01:52:04 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) 01:52:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:05 executing program 2: [ 485.664250][T14098] loop1: p1 p2 p3 p4 [ 485.668517][T14098] loop1: partition table partially beyond EOD, truncated [ 485.676793][T14098] loop1: p1 start 10 is beyond EOD, truncated [ 485.682931][T14098] loop1: p2 start 25 is beyond EOD, truncated [ 485.689282][T14098] loop1: p3 start 4293001441 is beyond EOD, truncated [ 485.696227][T14098] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:07 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:07 executing program 4: 01:52:07 executing program 2: 01:52:07 executing program 3: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:07 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d", 0xfc, 0x7}]) 01:52:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:07 executing program 4: [ 487.920570][T14124] loop1: p1 p2 p3 p4 [ 487.924986][T14124] loop1: partition table partially beyond EOD, truncated [ 487.932525][T14124] loop1: p1 start 10 is beyond EOD, truncated [ 487.938882][T14124] loop1: p2 start 25 is beyond EOD, truncated [ 487.945067][T14124] loop1: p3 start 4293001441 is beyond EOD, truncated [ 487.951876][T14124] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:07 executing program 2: 01:52:07 executing program 2: 01:52:07 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:52:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:08 executing program 4: [ 488.731169][T14146] loop1: p1 p2 p3 p4 [ 488.735376][T14146] loop1: partition table partially beyond EOD, truncated [ 488.742961][T14146] loop1: p1 start 10 is beyond EOD, truncated [ 488.749370][T14146] loop1: p2 start 25 is beyond EOD, truncated [ 488.755583][T14146] loop1: p3 start 4293001441 is beyond EOD, truncated [ 488.762396][T14146] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:10 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:10 executing program 3: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:10 executing program 2: 01:52:10 executing program 4: 01:52:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:10 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:52:10 executing program 4: [ 491.048016][T14168] loop1: p1 p2 p3 p4 [ 491.052192][T14168] loop1: partition table partially beyond EOD, truncated [ 491.059990][T14168] loop1: p1 start 10 is beyond EOD, truncated [ 491.066254][T14168] loop1: p2 start 25 is beyond EOD, truncated [ 491.072374][T14168] loop1: p3 start 4293001441 is beyond EOD, truncated [ 491.079349][T14168] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:10 executing program 2: 01:52:11 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:11 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f", 0x17a, 0x7}]) 01:52:11 executing program 4: [ 491.949045][T14194] loop1: p1 p2 p3 p4 [ 491.953407][T14194] loop1: partition table partially beyond EOD, truncated [ 491.961027][T14194] loop1: p1 start 10 is beyond EOD, truncated [ 491.967421][T14194] loop1: p2 start 25 is beyond EOD, truncated [ 491.973631][T14194] loop1: p3 start 4293001441 is beyond EOD, truncated [ 491.980454][T14194] loop1: p4 size 3657465856 extends beyond EOD, truncated 01:52:13 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:13 executing program 2: 01:52:13 executing program 4: 01:52:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:13 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:13 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) [ 494.325953][T14207] loop1: [ 494.329237][T14207] loop1: partition table partially beyond EOD, truncated 01:52:14 executing program 4: 01:52:14 executing program 2: 01:52:14 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) 01:52:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) socket$netlink(0x10, 0x3, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:14 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:14 executing program 4: [ 495.079174][T14232] loop1: [ 495.082258][T14232] loop1: partition table partially beyond EOD, truncated [ 495.763944][ T0] NOHZ: local_softirq_pending 08 01:52:16 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:16 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead", 0x1b9, 0x7}]) 01:52:16 executing program 2: 01:52:16 executing program 4: 01:52:17 executing program 4: 01:52:17 executing program 2: [ 497.526582][T14253] loop1: [ 497.529958][T14253] loop1: partition table partially beyond EOD, truncated 01:52:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 497.592531][T14246] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 497.600900][T14246] ref_ctr decrement failed for inode: 0x3ff5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b [ 497.727781][T14246] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 497.736583][T14246] ref_ctr decrement failed for inode: 0x3ff5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b 01:52:17 executing program 4: 01:52:17 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:52:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:17 executing program 2: [ 498.125024][T14271] loop1: [ 498.128158][T14271] loop1: partition table partially beyond EOD, truncated [ 498.449202][T14276] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 498.457778][T14276] ref_ctr decrement failed for inode: 0x3ff6 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000171afde1 [ 498.496485][T14276] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 498.504765][T14276] ref_ctr decrement failed for inode: 0x3ff6 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000171afde1 01:52:20 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:20 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="6653070000053c27bc3376003639405cb4aed1736b533f9e1623a7cf73af21532ad62f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460000000079aed75d492b415bcee00a06dc9d8e99ad2f81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d86a6a402ce783aa5bfb89e6f2c64884b3c5d052563def19f8b1200eaf284124422d8a4d302e96ea0cdfe02eaf9b66be609c68408e2b060e57495c8613f2351a27be673948c4b8c75a568955bf9da055a6cd0bf8e3b1bf111ed414f039ca4a74e7875034cc371152fa82459bc507495c9a65917e0d952326e50de1e4c276d4041b805c298b1bf280a6d670663fbb151d956ada863d014c200000000000073511b6c51d69d095cee557bd3bef0afd5a2e01b8c42c0150887c80380849547f5", 0x12a}], 0x100002c1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={0x0, @l2tp={0x2, 0x0, @remote}, @phonet, @phonet, 0xfffe}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 01:52:20 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:52:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) add_key$user(&(0x7f0000000100)='user\x00', 0x0, &(0x7f0000000180)="a7", 0x1, 0xfffffffffffffffc) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:20 executing program 2: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="8f"], 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r3, 0x29, 0x36, &(0x7f00000004c0)=ANY=[], 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010101}, 0x10) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 500.681907][T14290] loop1: [ 500.685256][T14290] loop1: partition table partially beyond EOD, truncated [ 500.889691][T14288] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 500.897968][T14288] ref_ctr decrement failed for inode: 0x3ff4 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007ec688d6 01:52:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 500.983870][T14288] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 500.991957][T14288] ref_ctr decrement failed for inode: 0x3ff4 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007ec688d6 01:52:20 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955", 0x1d9, 0x7}]) 01:52:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 501.335388][T14315] loop1: [ 501.338561][T14315] loop1: partition table partially beyond EOD, truncated [ 501.528115][T14321] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 501.536661][T14321] ref_ctr decrement failed for inode: 0x3fff offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000014d84b0 01:52:21 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) 01:52:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c) listen(r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$netlink(0x10, 0x3, 0x8000000004) sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001500add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac710d1070000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) [ 501.599755][T14321] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 501.608989][T14321] ref_ctr decrement failed for inode: 0x3fff offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000014d84b0 01:52:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 501.845534][T14326] loop1: [ 501.848784][T14326] loop1: partition table partially beyond EOD, truncated 01:52:23 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:23 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) 01:52:23 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:23 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:23 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000100)=0x4) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000001c0)='NLBL_CALIPSO\x00') clock_gettime(0x0, &(0x7f00000001c0)) [ 503.947256][T14346] not chained 1060000 origins [ 503.951984][T14346] CPU: 1 PID: 14346 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 503.960640][T14346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.970681][T14346] Call Trace: [ 503.973966][T14346] dump_stack+0x1df/0x240 [ 503.978299][T14346] kmsan_internal_chain_origin+0x6f/0x130 [ 503.984009][T14346] ? __skb_wait_for_more_packets+0x770/0x770 [ 503.989981][T14346] ? skb_recv_datagram+0x3ec/0x480 [ 503.995081][T14346] ? kmsan_get_metadata+0x4f/0x180 [ 504.000181][T14346] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 504.005978][T14346] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 504.012033][T14346] ? bt_sock_recvmsg+0x564/0xa00 [ 504.016956][T14346] ? kmsan_get_metadata+0x4f/0x180 [ 504.022054][T14346] ? kmsan_set_origin_checked+0x95/0xf0 [ 504.027591][T14346] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 504.033649][T14346] ? _copy_from_user+0x15b/0x260 [ 504.038576][T14346] ? kmsan_get_metadata+0x4f/0x180 [ 504.043674][T14346] __msan_chain_origin+0x50/0x90 [ 504.048602][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.053712][T14346] get_compat_msghdr+0x108/0x270 [ 504.058641][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.063154][T14346] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 504.069223][T14346] ? kmsan_get_metadata+0x4f/0x180 [ 504.074321][T14346] ? kmsan_internal_set_origin+0x75/0xb0 [ 504.079937][T14346] ? __msan_poison_alloca+0xf0/0x120 [ 504.085212][T14346] ? __sys_recvmmsg+0xb4/0x510 [ 504.089960][T14346] ? __sys_recvmmsg+0xb4/0x510 [ 504.094709][T14346] ? kmsan_get_metadata+0x11d/0x180 [ 504.099895][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.104571][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.110626][T14346] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 504.116850][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.122990][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.128179][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.133017][T14346] do_SYSENTER_32+0x73/0x90 [ 504.137507][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.143816][T14346] RIP: 0023:0xf7fd4549 [ 504.147862][T14346] Code: Bad RIP value. [ 504.151907][T14346] RSP: 002b:00000000f5dcf0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 504.160299][T14346] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 504.168257][T14346] RDX: 000000000000072a RSI: 0000000000000000 RDI: 0000000000000000 [ 504.176223][T14346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.184177][T14346] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 504.192131][T14346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.200096][T14346] Uninit was stored to memory at: [ 504.205111][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.210812][T14346] __msan_chain_origin+0x50/0x90 [ 504.215735][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.220833][T14346] get_compat_msghdr+0x108/0x270 [ 504.225761][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.230247][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.234910][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.240956][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.247091][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.252276][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.257109][T14346] do_SYSENTER_32+0x73/0x90 [ 504.261594][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.267894][T14346] [ 504.270202][T14346] Uninit was stored to memory at: [ 504.275234][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.280936][T14346] __msan_chain_origin+0x50/0x90 [ 504.285857][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.290950][T14346] get_compat_msghdr+0x108/0x270 [ 504.295876][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.300363][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.305019][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.311065][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.317225][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.322408][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.327240][T14346] do_SYSENTER_32+0x73/0x90 [ 504.331727][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.338025][T14346] [ 504.340330][T14346] Uninit was stored to memory at: [ 504.345336][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.351035][T14346] __msan_chain_origin+0x50/0x90 [ 504.355954][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.361049][T14346] get_compat_msghdr+0x108/0x270 [ 504.365971][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.370455][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.375113][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.381163][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.387298][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.392476][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.397309][T14346] do_SYSENTER_32+0x73/0x90 [ 504.401793][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.408093][T14346] [ 504.410400][T14346] Uninit was stored to memory at: [ 504.415408][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.421110][T14346] __msan_chain_origin+0x50/0x90 [ 504.426030][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.431124][T14346] get_compat_msghdr+0x108/0x270 [ 504.436044][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.440529][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.445192][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.451240][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.457381][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.462563][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.467395][T14346] do_SYSENTER_32+0x73/0x90 [ 504.471879][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.478178][T14346] [ 504.480486][T14346] Uninit was stored to memory at: [ 504.485493][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.491191][T14346] __msan_chain_origin+0x50/0x90 [ 504.496116][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.501210][T14346] get_compat_msghdr+0x108/0x270 [ 504.506132][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.510617][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.515288][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.521339][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.527485][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.532666][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.537501][T14346] do_SYSENTER_32+0x73/0x90 [ 504.541988][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.548288][T14346] [ 504.550598][T14346] Uninit was stored to memory at: [ 504.555605][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.561305][T14346] __msan_chain_origin+0x50/0x90 [ 504.566224][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.571318][T14346] get_compat_msghdr+0x108/0x270 [ 504.576243][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.580732][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.585394][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.591446][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.597583][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.602775][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.607610][T14346] do_SYSENTER_32+0x73/0x90 [ 504.612096][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.618397][T14346] [ 504.620703][T14346] Uninit was stored to memory at: [ 504.625711][T14346] kmsan_internal_chain_origin+0xad/0x130 [ 504.631421][T14346] __msan_chain_origin+0x50/0x90 [ 504.636349][T14346] __get_compat_msghdr+0x5be/0x890 [ 504.641457][T14346] get_compat_msghdr+0x108/0x270 [ 504.646393][T14346] do_recvmmsg+0xa6a/0x1ee0 [ 504.650889][T14346] __sys_recvmmsg+0x4ca/0x510 [ 504.655554][T14346] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 504.661607][T14346] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 504.667751][T14346] __do_fast_syscall_32+0x2aa/0x400 [ 504.672934][T14346] do_fast_syscall_32+0x6b/0xd0 [ 504.677782][T14346] do_SYSENTER_32+0x73/0x90 [ 504.682277][T14346] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.688582][T14346] [ 504.690895][T14346] Local variable ----msg_sys@do_recvmmsg created at: [ 504.697558][T14346] do_recvmmsg+0xc5/0x1ee0 [ 504.701960][T14346] do_recvmmsg+0xc5/0x1ee0 [ 504.807312][T14356] loop1: [ 504.810465][T14356] loop1: partition table partially beyond EOD, truncated 01:52:24 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c808", 0x1e9, 0x7}]) 01:52:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:24 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) dup(0xffffffffffffffff) 01:52:24 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 505.421033][T14368] loop1: [ 505.424145][T14368] loop1: partition table partially beyond EOD, truncated 01:52:25 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 505.931290][T14377] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 505.939948][T14377] ref_ctr decrement failed for inode: 0x3fc1 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000004fdb3157 [ 506.011029][T14377] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 506.019395][T14377] ref_ctr decrement failed for inode: 0x3fc1 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000004fdb3157 01:52:27 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:52:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() geteuid() socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:27 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:27 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) [ 508.025826][T14401] loop1: [ 508.028890][T14401] loop1: partition table partially beyond EOD, truncated 01:52:27 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:27 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 508.279539][T14398] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 508.287771][T14398] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b [ 508.374049][T14398] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 508.382273][T14398] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b 01:52:28 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:52:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 508.502536][T14416] not chained 1070000 origins [ 508.507274][T14416] CPU: 0 PID: 14416 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 508.515949][T14416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.526005][T14416] Call Trace: [ 508.529308][T14416] dump_stack+0x1df/0x240 [ 508.533637][T14416] kmsan_internal_chain_origin+0x6f/0x130 [ 508.539354][T14416] ? __skb_wait_for_more_packets+0x770/0x770 [ 508.545333][T14416] ? skb_recv_datagram+0x3ec/0x480 [ 508.550441][T14416] ? kmsan_get_metadata+0x4f/0x180 [ 508.555538][T14416] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 508.561330][T14416] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 508.567381][T14416] ? bt_sock_recvmsg+0x564/0xa00 [ 508.572308][T14416] ? kmsan_get_metadata+0x4f/0x180 [ 508.577408][T14416] ? kmsan_set_origin_checked+0x95/0xf0 [ 508.582940][T14416] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 508.588996][T14416] ? _copy_from_user+0x15b/0x260 [ 508.593921][T14416] ? kmsan_get_metadata+0x4f/0x180 [ 508.599018][T14416] __msan_chain_origin+0x50/0x90 [ 508.603946][T14416] __get_compat_msghdr+0x5be/0x890 [ 508.609055][T14416] get_compat_msghdr+0x108/0x270 [ 508.613988][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 508.618487][T14416] ? kmsan_internal_set_origin+0x75/0xb0 [ 508.624116][T14416] ? kmsan_get_metadata+0x4f/0x180 [ 508.629216][T14416] ? kmsan_internal_set_origin+0x75/0xb0 [ 508.634958][T14416] ? __msan_poison_alloca+0xf0/0x120 [ 508.640246][T14416] ? __sys_recvmmsg+0xb4/0x510 [ 508.645006][T14416] ? __sys_recvmmsg+0xb4/0x510 [ 508.649856][T14416] ? kmsan_get_metadata+0x11d/0x180 [ 508.655044][T14416] __sys_recvmmsg+0x4ca/0x510 [ 508.659720][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 508.665779][T14416] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 508.672041][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 508.678210][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 508.683415][T14416] do_fast_syscall_32+0x6b/0xd0 [ 508.688269][T14416] do_SYSENTER_32+0x73/0x90 [ 508.692766][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 508.699085][T14416] RIP: 0023:0xf7fd4549 [ 508.703150][T14416] Code: Bad RIP value. [ 508.707206][T14416] RSP: 002b:00000000f5dae0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 508.715623][T14416] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 508.723579][T14416] RDX: 000000000000072a RSI: 0000000000000000 RDI: 0000000000000000 [ 508.731530][T14416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 508.739485][T14416] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 508.747439][T14416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 508.755401][T14416] Uninit was stored to memory at: [ 508.760417][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 508.766120][T14416] __msan_chain_origin+0x50/0x90 [ 508.771060][T14416] __get_compat_msghdr+0x5be/0x890 [ 508.776159][T14416] get_compat_msghdr+0x108/0x270 [ 508.781081][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 508.785569][T14416] __sys_recvmmsg+0x4ca/0x510 [ 508.790228][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 508.796308][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 508.802443][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 508.807627][T14416] do_fast_syscall_32+0x6b/0xd0 [ 508.812467][T14416] do_SYSENTER_32+0x73/0x90 [ 508.816953][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 508.823252][T14416] [ 508.825557][T14416] Uninit was stored to memory at: [ 508.830564][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 508.836276][T14416] __msan_chain_origin+0x50/0x90 [ 508.841196][T14416] __get_compat_msghdr+0x5be/0x890 [ 508.846297][T14416] get_compat_msghdr+0x108/0x270 [ 508.851218][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 508.855728][T14416] __sys_recvmmsg+0x4ca/0x510 [ 508.860395][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 508.866453][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 508.872592][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 508.877777][T14416] do_fast_syscall_32+0x6b/0xd0 [ 508.882610][T14416] do_SYSENTER_32+0x73/0x90 [ 508.887097][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 508.893399][T14416] [ 508.895707][T14416] Uninit was stored to memory at: [ 508.900717][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 508.906418][T14416] __msan_chain_origin+0x50/0x90 [ 508.911339][T14416] __get_compat_msghdr+0x5be/0x890 [ 508.916438][T14416] get_compat_msghdr+0x108/0x270 [ 508.921360][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 508.925845][T14416] __sys_recvmmsg+0x4ca/0x510 [ 508.930505][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 508.936552][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 508.942685][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 508.947868][T14416] do_fast_syscall_32+0x6b/0xd0 [ 508.952701][T14416] do_SYSENTER_32+0x73/0x90 [ 508.957187][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 508.963489][T14416] [ 508.965796][T14416] Uninit was stored to memory at: [ 508.970800][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 508.976502][T14416] __msan_chain_origin+0x50/0x90 [ 508.981425][T14416] __get_compat_msghdr+0x5be/0x890 [ 508.986537][T14416] get_compat_msghdr+0x108/0x270 [ 508.991464][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 508.995955][T14416] __sys_recvmmsg+0x4ca/0x510 [ 509.000616][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 509.006670][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 509.012809][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 509.018007][T14416] do_fast_syscall_32+0x6b/0xd0 [ 509.022839][T14416] do_SYSENTER_32+0x73/0x90 [ 509.027325][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 509.033627][T14416] [ 509.035936][T14416] Uninit was stored to memory at: [ 509.040944][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 509.046648][T14416] __msan_chain_origin+0x50/0x90 [ 509.051567][T14416] __get_compat_msghdr+0x5be/0x890 [ 509.056661][T14416] get_compat_msghdr+0x108/0x270 [ 509.061582][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 509.066069][T14416] __sys_recvmmsg+0x4ca/0x510 [ 509.070731][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 509.076785][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 509.082922][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 509.088103][T14416] do_fast_syscall_32+0x6b/0xd0 [ 509.092936][T14416] do_SYSENTER_32+0x73/0x90 [ 509.097422][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 509.103723][T14416] [ 509.106030][T14416] Uninit was stored to memory at: [ 509.111037][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 509.116739][T14416] __msan_chain_origin+0x50/0x90 [ 509.121659][T14416] __get_compat_msghdr+0x5be/0x890 [ 509.126754][T14416] get_compat_msghdr+0x108/0x270 [ 509.131674][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 509.136159][T14416] __sys_recvmmsg+0x4ca/0x510 [ 509.140817][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 509.146867][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 509.153005][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 509.158191][T14416] do_fast_syscall_32+0x6b/0xd0 [ 509.163032][T14416] do_SYSENTER_32+0x73/0x90 [ 509.167524][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 509.173825][T14416] [ 509.176151][T14416] Uninit was stored to memory at: [ 509.181160][T14416] kmsan_internal_chain_origin+0xad/0x130 [ 509.186862][T14416] __msan_chain_origin+0x50/0x90 [ 509.191785][T14416] __get_compat_msghdr+0x5be/0x890 [ 509.196881][T14416] get_compat_msghdr+0x108/0x270 [ 509.201805][T14416] do_recvmmsg+0xa6a/0x1ee0 [ 509.206292][T14416] __sys_recvmmsg+0x4ca/0x510 [ 509.210950][T14416] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 509.216999][T14416] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 509.223147][T14416] __do_fast_syscall_32+0x2aa/0x400 [ 509.228330][T14416] do_fast_syscall_32+0x6b/0xd0 [ 509.233164][T14416] do_SYSENTER_32+0x73/0x90 [ 509.237651][T14416] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 509.243950][T14416] [ 509.246259][T14416] Local variable ----msg_sys@do_recvmmsg created at: [ 509.252919][T14416] do_recvmmsg+0xc5/0x1ee0 [ 509.257317][T14416] do_recvmmsg+0xc5/0x1ee0 01:52:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 509.448476][T14420] loop1: [ 509.451680][T14420] loop1: partition table partially beyond EOD, truncated 01:52:29 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 509.957974][T14433] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 509.966587][T14433] ref_ctr decrement failed for inode: 0x3ffc offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 [ 510.018932][T14433] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 510.027808][T14433] ref_ctr decrement failed for inode: 0x3ffc offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 01:52:30 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:30 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2f", 0x1f1, 0x7}]) 01:52:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:30 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:30 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) geteuid() socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 511.504582][T14455] loop1: [ 511.507674][T14455] loop1: partition table partially beyond EOD, truncated 01:52:31 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 511.575800][T14454] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 511.584096][T14454] ref_ctr decrement failed for inode: 0x3fed offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c1dcca2d [ 511.642295][T14454] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 511.650625][T14454] ref_ctr decrement failed for inode: 0x3fed offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c1dcca2d 01:52:31 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:52:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:31 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 512.005797][T14468] loop1: [ 512.008954][T14468] loop1: partition table partially beyond EOD, truncated 01:52:31 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 512.447593][T14483] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 512.456454][T14483] ref_ctr decrement failed for inode: 0x3fed offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c84860e3 [ 512.476871][T14483] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 512.485584][T14483] ref_ctr decrement failed for inode: 0x3fed offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000c84860e3 01:52:34 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:34 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:52:34 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:34 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 514.745554][T14500] loop1: [ 514.748830][T14500] loop1: partition table partially beyond EOD, truncated 01:52:34 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:34 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:34 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181be", 0x1f5, 0x7}]) 01:52:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 515.465988][T14525] loop1: [ 515.469194][T14525] loop1: partition table partially beyond EOD, truncated 01:52:37 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:37 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:37 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:52:37 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:37 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) [ 517.996119][T14549] loop1: [ 517.999336][T14549] loop1: partition table partially beyond EOD, truncated 01:52:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:37 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:37 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:37 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) [ 518.496340][T14567] loop1: [ 518.499484][T14567] loop1: partition table partially beyond EOD, truncated 01:52:38 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 518.553964][T14562] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 518.562041][T14562] ref_ctr decrement failed for inode: 0x4000 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000000c0faeff 01:52:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 518.632185][T14562] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 518.640548][T14562] ref_ctr decrement failed for inode: 0x4000 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000000c0faeff 01:52:40 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:40 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72", 0x1f7, 0x7}]) 01:52:40 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:40 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:40 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:40 executing program 4: bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 521.164901][T14594] loop1: [ 521.168096][T14594] loop1: partition table partially beyond EOD, truncated [ 521.188687][T14593] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 521.197083][T14593] ref_ctr decrement failed for inode: 0x3e61 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000001498fe82 01:52:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 521.279510][T14593] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 521.288035][T14593] ref_ctr decrement failed for inode: 0x3e61 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000001498fe82 01:52:41 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:41 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:52:41 executing program 0: r0 = open(0x0, 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 521.798730][T14612] Dev loop1: unable to read RDB block 1 [ 521.804744][T14612] loop1: unable to read partition table [ 521.810627][T14612] loop1: partition table beyond EOD, truncated [ 521.817582][T14612] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:52:43 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:43 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:43 executing program 2: shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:43 executing program 0: r0 = open(0x0, 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:43 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) [ 524.324674][T14631] Dev loop1: unable to read RDB block 1 [ 524.330543][T14631] loop1: unable to read partition table [ 524.336640][T14631] loop1: partition table beyond EOD, truncated [ 524.343484][T14631] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:52:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) 01:52:44 executing program 2: shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:44 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:44 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000180)="020182ffffff0a000000ff45ac0000ffffff8100e931190000000000000680170003a6ffffffe100e2ff877700720030070081ffffff00000000008000da55aa", 0x40, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8}]) 01:52:44 executing program 0: r0 = open(0x0, 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0, 0x0, 0x0, 0x0, 0xb605}}], 0xc6, 0x0) [ 524.974007][T14653] Dev loop1: unable to read RDB block 1 [ 524.979865][T14653] loop1: unable to read partition table [ 524.986362][T14653] loop1: partition table beyond EOD, truncated [ 524.992698][T14653] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:52:47 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:47 executing program 2: shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:47 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:47 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) 01:52:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) 01:52:47 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:47 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) 01:52:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:50 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:50 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:50 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00), 0x0, 0x0) 01:52:50 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:50 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00), 0x0, 0x0) 01:52:50 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:50 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:50 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) [ 531.714498][T14738] Dev loop1: unable to read RDB block 1 [ 531.720387][T14738] loop1: unable to read partition table [ 531.726431][T14738] loop1: partition table beyond EOD, truncated [ 531.732860][T14738] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) 01:52:53 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:53 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000006d00), 0x0, 0x0) 01:52:53 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:53 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:53 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:54 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000000b0605000000000000000800000000000900020073797a3000000000040007800500010006"], 0x2c}}, 0x0) 01:52:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:54 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:54 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:54 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000000c0)='wg2\x00', 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8800}, 0x4040094) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000000)) 01:52:54 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x68}}, 0x0) 01:52:54 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:56 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:52:56 executing program 1: syz_read_part_table(0x0, 0x2, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)="6b47019d7aa060f115057f1d0bcbfba1a36d56a144b0b233728ebefecc3d30b4c6c08a9febfc103b18fa86077038cd528fa698696626584a661c7aab9b07a810374792216cf9b86961908c3bb730ab4032962f9577b191b5d9f1edc6b422c2073d7da95427fd3ad79b6dc11bfe5ba5f14875709a0c5b71bcce5be3f161e63a0404067b0fd8635b1199513b48f2edb01f868752d40ca5fb14288d1dc19ec5667ff87a19a46d720932e4ab65f893eeaac53de8cf1dbf5cbf32e9cdb3a79c8f1bee9f35cf3ff3d584a25f4778f8dd303f042cab399a34e14a4f4a20a119d6da940cd46811a63592d6889e5f150cc09f1af9023b570633c31e2719fd655d4cb62e7fbaa3609e7435894cd39f7002d65e514f3a7c7c17314d5f1a49efb42e962f00fa6048caebf9e5f154244bb624a2f82d3f455f82e8a095549b7f2553f0f897d41938a5a75f4037a309f1f67bd7fad105626040dc0cbf40fa37eb342f36584d4c80b9769f4e7bd8bc4ab966ebd4d82606803768d9ac859889d84d5f1a5f52e7dfe3fc5893038de9fe974b15364ec00d5b0a043288420e184ae954cdd4475bbc49c404d709a1dddc3bc5a4518c8c97ad529b663bca43987aa5dead91c96d8363ae8aacfc3bead66a1e44edcf6c653cc93e255c45034761e07ed955816b9801e73640df824120627396c80829ef9b5486495c2fcd3181bebc72be", 0x1f8, 0x7}]) 01:52:56 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:56 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:52:56 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, 0x0, 0x0) 01:52:56 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:52:57 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:52:57 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:52:57 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, 0x0, 0x0) 01:52:57 executing program 1: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f00000006c0)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_script(r1, &(0x7f0000000840)={'#! ', './file0', [], 0xa, "cf7dee45639852716c848c2037e6a307b4f0fcb726189854f4aa71ebdb7cc78eb4e5026001fb30f36cffb1ba6b9ae9acd1e9de177fbe4ad0c2d710f0c2c82ca21202749d39677d2398f476c001fefc0c1d074ae585ed2f48d44f9cd3f1b1002b0df3e4c7ea5543ee2e068cbafc1c25c8f25716ff5c04b1df3def7e8445ad09fbbe259223578ba454079a10569bde578b480a21c34445e8f071aeba1a363187f418ecac1bc98b08954a6a568c4e3d87aa74c8536da7bcb86a41f5025bc0272d0bd4e952607477eec25b8aab8745087f14de513d7e0de8e7c82049e2bcae5bfcb14fe574821abe5d3d12965d492566f99bca0dbea573c8edf991fbebd1a4cb4d2b6d0ba6bf3df06520d46a6da393cc3d14a3d4f8b952737fd6c6b183a7740c51bfa63763d9eb4bcc8c7c13352098c1814add86e0ad65086280ed7fa17c11be168df09db10388feff23660b967ae40cca211661ea19ded7c47f39bc8e7cd495bc1b3d24e8d3df653d620cb54e1350061a1b4f3f498c0cc6122afeee3f2ad109dad1dfb2f1931a4b546d4eddba9d68361e2b8a6c27a8356aad64cf33b3090b35337c5ff9"}, 0x1ad) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) splice(r0, 0x0, r2, 0x0, 0x140006, 0x0) 01:52:57 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:52:57 executing program 1: syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@link_local={0x3}, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "bf6411", 0x8, 0x3a, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @mcast2, {[], @echo_request}}}}}, 0x0) 01:53:00 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:00 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:00 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:00 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002540)={0x3, 0x0, [{0x3000, 0x17, &(0x7f00000000c0)=""/23}, {0x6000, 0x1000, &(0x7f0000001540)=""/4096}, {0x0, 0x97, &(0x7f0000000300)=""/151}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000080)=ANY=[]) 01:53:00 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:00 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, 0x0, 0x0) 01:53:00 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:00 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 01:53:00 executing program 1: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000)='fuse\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0x0, 0x0}) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}, 0x51}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0/file0\x00'}, 0x51, &(0x7f0000007380), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="48000000000000000000000000000080b2b6a77f06ddcb330300000000000000fbc6b2c7a0a98601000000000000007e29bc56bb9ed4d8803c7cb00ae99a70317fb463bed350139e79abe8fa8aac7ffc3f000000ff6200"], 0x48}, 0x8}], 0x2, 0x0) statfs(&(0x7f0000000080)='./file0/file1\x00', 0x0) 01:53:00 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x10, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:00 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:01 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 541.657962][T14869] not chained 1080000 origins [ 541.662688][T14869] CPU: 0 PID: 14869 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 541.671362][T14869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.681440][T14869] Call Trace: [ 541.684747][T14869] dump_stack+0x1df/0x240 [ 541.689092][T14869] kmsan_internal_chain_origin+0x6f/0x130 [ 541.694801][T14869] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 541.700596][T14869] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 541.706652][T14869] ? do_user_addr_fault+0x1057/0x1600 [ 541.712025][T14869] ? __msan_get_context_state+0x9/0x20 [ 541.717472][T14869] ? idtentry_exit_cond_rcu+0x12/0x50 [ 541.722828][T14869] ? kmsan_get_metadata+0x4f/0x180 [ 541.727924][T14869] ? kmsan_set_origin_checked+0x95/0xf0 [ 541.733459][T14869] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 541.739514][T14869] ? _copy_from_user+0x15b/0x260 [ 541.744437][T14869] ? kmsan_get_metadata+0x4f/0x180 [ 541.749534][T14869] __msan_chain_origin+0x50/0x90 [ 541.754461][T14869] __get_compat_msghdr+0x5be/0x890 [ 541.759574][T14869] get_compat_msghdr+0x108/0x270 [ 541.764512][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 541.769010][T14869] ? kmsan_internal_set_origin+0x75/0xb0 [ 541.774639][T14869] ? kmsan_get_metadata+0x4f/0x180 [ 541.779734][T14869] ? kmsan_internal_set_origin+0x75/0xb0 [ 541.785464][T14869] ? __msan_poison_alloca+0xf0/0x120 [ 541.790742][T14869] ? __sys_recvmmsg+0xb4/0x510 [ 541.795496][T14869] ? __sys_recvmmsg+0xb4/0x510 [ 541.800253][T14869] ? kmsan_get_metadata+0x11d/0x180 [ 541.805450][T14869] __sys_recvmmsg+0x4ca/0x510 [ 541.810128][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 541.816189][T14869] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 541.822424][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 541.828569][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 541.833852][T14869] do_fast_syscall_32+0x6b/0xd0 [ 541.838694][T14869] do_SYSENTER_32+0x73/0x90 [ 541.843186][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 541.849517][T14869] RIP: 0023:0xf7fd4549 [ 541.853565][T14869] Code: Bad RIP value. [ 541.857611][T14869] RSP: 002b:00000000f5dcf0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 541.866016][T14869] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 541.873983][T14869] RDX: 000000000000072a RSI: 0000000000000000 RDI: 0000000000000000 [ 541.881942][T14869] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 541.889896][T14869] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 541.897849][T14869] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 541.905812][T14869] Uninit was stored to memory at: [ 541.910827][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 541.916529][T14869] __msan_chain_origin+0x50/0x90 [ 541.921451][T14869] __get_compat_msghdr+0x5be/0x890 [ 541.926546][T14869] get_compat_msghdr+0x108/0x270 [ 541.931466][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 541.936065][T14869] __sys_recvmmsg+0x4ca/0x510 [ 541.940732][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 541.946783][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 541.952921][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 541.958199][T14869] do_fast_syscall_32+0x6b/0xd0 [ 541.963034][T14869] do_SYSENTER_32+0x73/0x90 [ 541.967521][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 541.973823][T14869] [ 541.976127][T14869] Uninit was stored to memory at: [ 541.981134][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 541.986835][T14869] __msan_chain_origin+0x50/0x90 [ 541.991758][T14869] __get_compat_msghdr+0x5be/0x890 [ 541.996853][T14869] get_compat_msghdr+0x108/0x270 [ 542.001775][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.006262][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.010921][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.017024][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.023200][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.028394][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.033235][T14869] do_SYSENTER_32+0x73/0x90 [ 542.037723][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.044026][T14869] [ 542.046333][T14869] Uninit was stored to memory at: [ 542.051340][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 542.057043][T14869] __msan_chain_origin+0x50/0x90 [ 542.061965][T14869] __get_compat_msghdr+0x5be/0x890 [ 542.067059][T14869] get_compat_msghdr+0x108/0x270 [ 542.071978][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.076466][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.081124][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.087176][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.093315][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.098505][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.103339][T14869] do_SYSENTER_32+0x73/0x90 [ 542.107823][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.114124][T14869] [ 542.116431][T14869] Uninit was stored to memory at: [ 542.121440][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 542.127142][T14869] __msan_chain_origin+0x50/0x90 [ 542.132062][T14869] __get_compat_msghdr+0x5be/0x890 [ 542.137156][T14869] get_compat_msghdr+0x108/0x270 [ 542.142076][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.146562][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.151222][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.157273][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.163409][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.168590][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.173424][T14869] do_SYSENTER_32+0x73/0x90 [ 542.177909][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.184214][T14869] [ 542.186523][T14869] Uninit was stored to memory at: [ 542.191529][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 542.197230][T14869] __msan_chain_origin+0x50/0x90 [ 542.202154][T14869] __get_compat_msghdr+0x5be/0x890 [ 542.207249][T14869] get_compat_msghdr+0x108/0x270 [ 542.212170][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.216653][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.221312][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.227360][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.233498][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.238678][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.243511][T14869] do_SYSENTER_32+0x73/0x90 [ 542.247996][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.254302][T14869] [ 542.256611][T14869] Uninit was stored to memory at: [ 542.261617][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 542.267318][T14869] __msan_chain_origin+0x50/0x90 [ 542.272258][T14869] __get_compat_msghdr+0x5be/0x890 [ 542.277352][T14869] get_compat_msghdr+0x108/0x270 [ 542.282273][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.286759][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.291416][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.297470][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.303607][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.308787][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.313619][T14869] do_SYSENTER_32+0x73/0x90 [ 542.318103][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.324403][T14869] [ 542.326711][T14869] Uninit was stored to memory at: [ 542.331738][T14869] kmsan_internal_chain_origin+0xad/0x130 [ 542.337439][T14869] __msan_chain_origin+0x50/0x90 [ 542.342365][T14869] __get_compat_msghdr+0x5be/0x890 [ 542.347459][T14869] get_compat_msghdr+0x108/0x270 [ 542.352380][T14869] do_recvmmsg+0xa6a/0x1ee0 [ 542.356866][T14869] __sys_recvmmsg+0x4ca/0x510 [ 542.361522][T14869] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 542.367568][T14869] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 542.373703][T14869] __do_fast_syscall_32+0x2aa/0x400 [ 542.378894][T14869] do_fast_syscall_32+0x6b/0xd0 [ 542.383732][T14869] do_SYSENTER_32+0x73/0x90 [ 542.388219][T14869] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 542.394520][T14869] [ 542.396830][T14869] Local variable ----msg_sys@do_recvmmsg created at: [ 542.403486][T14869] do_recvmmsg+0xc5/0x1ee0 [ 542.407885][T14869] do_recvmmsg+0xc5/0x1ee0 01:53:03 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:03 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 01:53:03 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:03 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:03 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:03 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0x2402, 0x0) 01:53:03 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 01:53:03 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:03 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:04 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:04 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:04 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0) 01:53:04 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 544.892036][T14919] kvm: pic: single mode not supported 01:53:04 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 544.892054][T14919] kvm: pic: level sensitive irq not supported [ 544.991553][T14919] kvm: pic: level sensitive irq not supported [ 545.041117][T14919] kvm: pic: single mode not supported 01:53:04 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r1) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 545.111145][T14919] kvm: pic: level sensitive irq not supported 01:53:04 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0) 01:53:04 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) [ 545.160754][T14919] kvm: pic: single mode not supported 01:53:04 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 545.238606][T14919] kvm: pic: level sensitive irq not supported [ 545.294238][T14919] kvm: pic: single mode not supported [ 545.339231][T14919] kvm: pic: level sensitive irq not supported [ 545.373528][T14919] kvm: pic: single mode not supported [ 545.404217][T14919] kvm: pic: level sensitive irq not supported [ 545.449995][T14919] kvm: pic: single mode not supported [ 545.484782][T14919] kvm: pic: level sensitive irq not supported 01:53:05 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 545.532460][T14919] kvm: pic: single mode not supported [ 545.587330][T14919] kvm: pic: level sensitive irq not supported 01:53:05 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:05 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha224-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0) 01:53:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:05 executing program 3: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:05 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) [ 545.649653][T14919] kvm: pic: single mode not supported [ 546.293359][T14963] kvm: pic: single mode not supported 01:53:06 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xfffffffffffffff8) dup2(0xffffffffffffffff, 0xffffffffffffffff) tkill(0x0, 0x0) 01:53:06 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) [ 546.298978][T14963] kvm: pic: level sensitive irq not supported 01:53:06 executing program 3: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 546.449650][T14963] kvm: pic: level sensitive irq not supported 01:53:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:06 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:06 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:06 executing program 3: setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:06 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:07 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:07 executing program 4: r0 = socket$inet(0x2, 0x802, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000eedffc)=0x7c4, 0x4) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x800003fa, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000514ff0)={0x2, 0x4e22, @empty}, 0x10) recvfrom$inet(r0, 0x0, 0x0, 0x2000, 0x0, 0x0) 01:53:07 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 546.505227][T14963] kvm: pic: single mode not supported [ 548.202743][T15008] not chained 1090000 origins [ 548.212827][T15008] CPU: 0 PID: 15008 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 548.221496][T15008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.231543][T15008] Call Trace: [ 548.234836][T15008] dump_stack+0x1df/0x240 [ 548.239159][T15008] kmsan_internal_chain_origin+0x6f/0x130 [ 548.244870][T15008] ? __skb_wait_for_more_packets+0x770/0x770 [ 548.250840][T15008] ? skb_recv_datagram+0x3ec/0x480 [ 548.255939][T15008] ? kmsan_get_metadata+0x4f/0x180 [ 548.261037][T15008] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 548.266831][T15008] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 548.272886][T15008] ? bt_sock_recvmsg+0x564/0xa00 [ 548.277808][T15008] ? kmsan_get_metadata+0x4f/0x180 [ 548.282903][T15008] ? kmsan_set_origin_checked+0x95/0xf0 [ 548.288433][T15008] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 548.294499][T15008] ? _copy_from_user+0x15b/0x260 [ 548.299423][T15008] ? kmsan_get_metadata+0x4f/0x180 [ 548.304518][T15008] __msan_chain_origin+0x50/0x90 [ 548.309450][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.314562][T15008] get_compat_msghdr+0x108/0x270 [ 548.319491][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.324002][T15008] ? kmsan_get_metadata+0x4f/0x180 [ 548.329100][T15008] ? kmsan_internal_set_origin+0x75/0xb0 [ 548.334719][T15008] ? __msan_poison_alloca+0xf0/0x120 [ 548.339992][T15008] ? __sys_recvmmsg+0xb4/0x510 [ 548.344840][T15008] ? __sys_recvmmsg+0xb4/0x510 [ 548.349592][T15008] ? kmsan_get_metadata+0x11d/0x180 [ 548.354779][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.359450][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.365506][T15008] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 548.371731][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.377871][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.383063][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.387906][T15008] do_SYSENTER_32+0x73/0x90 [ 548.392396][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.398703][T15008] RIP: 0023:0xf7fd4549 [ 548.402773][T15008] Code: Bad RIP value. [ 548.406822][T15008] RSP: 002b:00000000f5dcf0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 548.415222][T15008] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000080 [ 548.423181][T15008] RDX: 000000000000072a RSI: 0000000000000000 RDI: 0000000000000000 [ 548.431136][T15008] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 548.439090][T15008] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 548.447145][T15008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 548.455110][T15008] Uninit was stored to memory at: [ 548.460119][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.465821][T15008] __msan_chain_origin+0x50/0x90 [ 548.470742][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.475838][T15008] get_compat_msghdr+0x108/0x270 [ 548.480764][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.485249][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.489906][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.496040][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.502177][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.507357][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.512193][T15008] do_SYSENTER_32+0x73/0x90 [ 548.516687][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.522988][T15008] [ 548.525297][T15008] Uninit was stored to memory at: [ 548.530307][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.536008][T15008] __msan_chain_origin+0x50/0x90 [ 548.540941][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.546036][T15008] get_compat_msghdr+0x108/0x270 [ 548.550957][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.555444][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.560101][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.566148][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.572282][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.577463][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.582295][T15008] do_SYSENTER_32+0x73/0x90 [ 548.586779][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.593079][T15008] [ 548.595387][T15008] Uninit was stored to memory at: [ 548.600392][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.606091][T15008] __msan_chain_origin+0x50/0x90 [ 548.611013][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.616105][T15008] get_compat_msghdr+0x108/0x270 [ 548.621022][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.625507][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.630165][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.636225][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.642363][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.647542][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.652373][T15008] do_SYSENTER_32+0x73/0x90 [ 548.656858][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.663166][T15008] [ 548.665494][T15008] Uninit was stored to memory at: [ 548.670520][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.676239][T15008] __msan_chain_origin+0x50/0x90 [ 548.681166][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.686264][T15008] get_compat_msghdr+0x108/0x270 [ 548.691196][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.695685][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.700343][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.706392][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.712530][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.717713][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.722558][T15008] do_SYSENTER_32+0x73/0x90 [ 548.727042][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.733342][T15008] [ 548.735651][T15008] Uninit was stored to memory at: [ 548.740660][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.746358][T15008] __msan_chain_origin+0x50/0x90 [ 548.751302][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.756399][T15008] get_compat_msghdr+0x108/0x270 [ 548.761319][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.765803][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.770462][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.776511][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.782646][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.787828][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.792659][T15008] do_SYSENTER_32+0x73/0x90 [ 548.797143][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.803445][T15008] [ 548.805753][T15008] Uninit was stored to memory at: [ 548.810775][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.816486][T15008] __msan_chain_origin+0x50/0x90 [ 548.821432][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.826540][T15008] get_compat_msghdr+0x108/0x270 [ 548.831463][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.835955][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.840636][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.846775][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.852917][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.858104][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.862942][T15008] do_SYSENTER_32+0x73/0x90 [ 548.867437][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.873740][T15008] [ 548.876053][T15008] Uninit was stored to memory at: [ 548.881065][T15008] kmsan_internal_chain_origin+0xad/0x130 [ 548.886780][T15008] __msan_chain_origin+0x50/0x90 [ 548.891705][T15008] __get_compat_msghdr+0x5be/0x890 [ 548.896798][T15008] get_compat_msghdr+0x108/0x270 [ 548.901718][T15008] do_recvmmsg+0xa6a/0x1ee0 [ 548.906204][T15008] __sys_recvmmsg+0x4ca/0x510 [ 548.910862][T15008] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 548.916916][T15008] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 548.923052][T15008] __do_fast_syscall_32+0x2aa/0x400 [ 548.928233][T15008] do_fast_syscall_32+0x6b/0xd0 [ 548.933066][T15008] do_SYSENTER_32+0x73/0x90 [ 548.937555][T15008] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.943853][T15008] [ 548.946162][T15008] Local variable ----msg_sys@do_recvmmsg created at: [ 548.952820][T15008] do_recvmmsg+0xc5/0x1ee0 [ 548.957221][T15008] do_recvmmsg+0xc5/0x1ee0 01:53:08 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:08 executing program 4: r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1031fe, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="64ff4d436a"], 0x1f) r1 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) creat(&(0x7f0000000100)='./bus\x00', 0x0) 01:53:09 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:09 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 549.786287][ T33] audit: type=1804 audit(1595296389.364:538): pid=15034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/148/bus" dev="sda1" ino=16004 res=1 [ 550.017095][ T33] audit: type=1804 audit(1595296389.474:539): pid=15036 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/148/bus" dev="sda1" ino=16004 res=1 [ 550.041749][ T33] audit: type=1804 audit(1595296389.544:540): pid=15034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/148/bus" dev="sda1" ino=16004 res=1 01:53:09 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:09 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 550.066977][ T33] audit: type=1804 audit(1595296389.544:541): pid=15034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/148/bus" dev="sda1" ino=16004 res=1 [ 550.091472][ T33] audit: type=1804 audit(1595296389.584:542): pid=15037 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir464762773/syzkaller.XcQLtJ/232/bus" dev="sda1" ino=16291 res=1 01:53:09 executing program 4: r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1031fe, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="64ff4d436a"], 0x1f) r1 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) creat(&(0x7f0000000100)='./bus\x00', 0x0) 01:53:09 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:09 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x72a, 0x0, 0x0) [ 550.412918][T15041] pic_ioport_write: 14 callbacks suppressed [ 550.412934][T15041] kvm: pic: single mode not supported [ 550.420982][T15041] kvm: pic: single mode not supported [ 550.486327][T15041] kvm: pic: single mode not supported 01:53:10 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 550.512455][T15041] kvm: pic: single mode not supported [ 550.549282][T15041] kvm: pic: single mode not supported [ 550.601964][T15041] kvm: pic: single mode not supported [ 550.656382][T15041] kvm: pic: single mode not supported [ 550.741344][T15041] kvm: pic: single mode not supported [ 550.863407][T15041] kvm: pic: single mode not supported [ 550.902202][T15041] kvm: pic: single mode not supported [ 550.912488][ T33] audit: type=1804 audit(1595296390.274:543): pid=15057 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir464762773/syzkaller.XcQLtJ/233/bus" dev="sda1" ino=15754 res=1 [ 550.942956][ T33] audit: type=1804 audit(1595296390.284:544): pid=15056 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/149/bus" dev="sda1" ino=15745 res=1 [ 550.968025][ T33] audit: type=1804 audit(1595296390.374:545): pid=15061 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/149/bus" dev="sda1" ino=15745 res=1 01:53:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:11 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:11 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:11 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:11 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:11 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000005c0)="665307031dc518cd3a5dffcfe60b582f59", 0x11}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1f) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78}, 0x78) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 551.778706][ T33] audit: type=1804 audit(1595296391.354:546): pid=15082 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir464762773/syzkaller.XcQLtJ/234/bus" dev="sda1" ino=16383 res=1 01:53:11 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:11 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) [ 552.031325][T15088] ptrace attach of "/root/syz-executor.4"[15087] was attempted by "/root/syz-executor.4"[15088] 01:53:11 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r2, &(0x7f0000001fc0)=ANY=[@ANYBLOB="0000010000000000000060a5c2680008"], 0xfca) 01:53:11 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:12 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x72a, 0x0, 0x0) 01:53:12 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:12 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:12 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:12 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 01:53:12 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:13 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:13 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 01:53:13 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) semctl$SETALL(0x0, 0x0, 0x10, 0x0) 01:53:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:13 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) 01:53:13 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:13 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:13 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:13 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r2, &(0x7f0000001fc0)=ANY=[@ANYBLOB="0000010000000000000060a5c268002806"], 0xfca) 01:53:14 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:14 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827f0000431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07f34e4d5b318e2ec0efd49897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a2d7cbdb9cd38bdb2caa0a777c8c9bddf3f66ea048b8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2239cb132b8667c21476619f28d9961b63e1a9cf6c2a660a17e3c184b751c51160fbcbbf35b1e7be6148ba532e6c346dfebd31a08b32808b80200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f6c5a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c97278087001460f7cf5ef5ecdd65ede8d799018fc043a6560fc12c26694dc05f3ee22feea1834ddbda7f4226a1f280b75d279afeabe0839c50851ffded7714dc486acf373a8268f99d0bd888a06070de197afe04811865d22fc9b20313c1a3f0cfca02cf3fad3ec124d0f0843b804a4051e282b89c7f6f6647c5faf864b1c7f43748e5a54367bfbca875a3523edaece4c8e95d548fcf3d3e00ee8080c307acfb54fb01d2981499651bc2a3df822179fd3c27655c2557d2f58f1c2b3b0b96d65ea161ac967d123d18925d2bf499010092e64850ada201d7d3c9d2e1a21d9f4fe61bbfef6030959a53f5010ab906a9c23f0845e5b2d2ed565b67c9d30677d8faf793c5ca6563edecbfaccbf11ee8b5f7c2d592ef89cd42f6fec52ececfc1d60bb40000000000004000ab0a3fb6fa0da10d8675739cf54e02b90fed8e988a8907847b80a1d05c231cb3b59ce44c9c5043f2a412cb1459a1111a04853f62882d2a79150c3889993f029654a4b93b9c10eb6441b7665d4587ffcb638ae934aa152c6b858c50a9743a80b96033deb108c8b3457e55fff1f285c8f5b928a8e26b6312d733cd70aa642ea8fce7d044c35d5c03eaca1c0676eeb62f1f00001dd67460cd276f4f83ae5ff78f008647d88a033bae6b800ccad650568164fcf0200900000000000000ab55bc0f343580f1c8059a716e70734e46285ad94171c2c3b56b507d8a6eafada7eaff41f63634b8b2436cb2fb807987d1093807383dab84ab28461085d67ac5940e3f3bfe39bb5e4b27360c"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2b, 0xfffffffffffffe7f, &(0x7f0000000500)="b9ff0300600d698cb89e14f008001fffffff1d004000630677fbac14140de934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108038da1924425181aa5", 0x0, 0x100, 0x60000000, 0x0, 0xfffffffffffffe09}, 0x28) 01:53:14 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:14 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:15 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:15 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:15 executing program 4: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x4, 0x2000798b, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) 01:53:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:15 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:15 executing program 2: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:53:15 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:15 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002540)={0x2, 0x0, [{0x0, 0x17, &(0x7f00000000c0)=""/23}, {0x0, 0x1000, &(0x7f0000001540)=""/4096}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af30, &(0x7f0000000080)=ANY=[]) 01:53:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:16 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r1, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:16 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='cpuset\x00') socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0x80000000) 01:53:16 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:16 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:16 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000000), 0x8) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) 01:53:17 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827f0000431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07f34e4d5b318e2ec0efd49897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a2d7cbdb9cd38bdb2caa0a777c8c9bddf3f66ea048b8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2239cb132b8667c21476619f28d9961b63e1a9cf6c2a660a17e3c184b751c51160fbcbbf35b1e7be6148ba532e6c346dfebd31a08b32808b80200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f6c5a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c97278087001460f7cf5ef5ecdd65ede8d799018fc043a6560fc12c26694dc05f3ee22feea1834ddbda7f4226a1f280b75d279afeabe0839c50851ffded7714dc486acf373a8268f99d0bd888a06070de197afe04811865d22fc9b20313c1a3f0cfca02cf3fad3ec124d0f0843b804a4051e282b89c7f6f6647c5faf864b1c7f43748e5a54367bfbca875a3523edaece4c8e95d548fcf3d3e00ee8080c307acfb54fb01d2981499651bc2a3df822179fd3c27655c2557d2f58f1c2b3b0b96d65ea161ac967d123d18925d2bf499010092e64850ada201d7d3c9d2e1a21d9f4fe61bbfef6030959a53f5010ab906a9c23f0845e5b2d2ed565b67c9d30677d8faf793c5ca6563edecbfaccbf11ee8b5f7c2d592ef89cd42f6fec52ececfc1d60bb40000000000004000ab0a3fb6fa0da10d8675739cf54e02b90fed8e988a8907847b80a1d05c231cb3b59ce44c9c5043f2a412cb1459a1111a04853f62882d2a79150c3889993f029654a4b93b9c10eb6441b7665d4587ffcb638ae934aa152c6b858c50a9743a80b96033deb108c8b3457e55fff1f285c8f5b928a8e26b6312d733cd70aa642ea8fce7d044c35d5c03eaca1c0676eeb62f1f00001dd67460cd276f4f83ae5ff78f008647d88a033bae6b800ccad650568164fcf0200900000000000000ab55bc0f343580f1c8059a716e70734e46285ad94171c2c3b56b507d8a6eafada7eaff41f63634b8b2436cb2fb807987d1093807383dab84ab28461085d67ac5940e3f3bfe39bb5e4b27360c"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2b, 0xfffffffffffffe7f, &(0x7f0000000500)="b9ff0300600d698cb89e14f008001fffffff1d004000630477fbac14140de934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108038da1924425181aa5", 0x0, 0x100, 0x60000000, 0x0, 0xfffffffffffffe09}, 0x28) 01:53:17 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:17 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:17 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:17 executing program 2: sched_setscheduler(0x0, 0x5, &(0x7f0000000100)) r0 = socket(0x11, 0x80802, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8953, &(0x7f0000000500)={@ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}) 01:53:17 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:17 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, 0x0, 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:18 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, 0x0, 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:18 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:19 executing program 4: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) pipe2(0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) getrandom(&(0x7f0000001200)=""/4129, 0x1021, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x0, 0x0, 0x0) 01:53:19 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:19 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:19 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, 0x0, 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:19 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 01:53:19 executing program 2: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$char_raw(r0, 0x0, 0x0) 01:53:19 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:19 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:20 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:20 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0xea60}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = dup(r0) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 01:53:20 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:20 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:20 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827f0000431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07f34e4d5b318e2ec0efd49897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a2d7cbdb9cd38bdb2caa0a777c8c9bddf3f66ea048b8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2239cb132b8667c21476619f28d9961b63e1a9cf6c2a660a17e3c184b751c51160fbcbbf35b1e7be6148ba532e6c346dfebd31a08b32808b80200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f6c5a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c97278087001460f7cf5ef5ecdd65ede8d799018fc043a6560fc12c26694dc05f3ee22feea1834ddbda7f4226a1f280b75d279afeabe0839c50851ffded7714dc486acf373a8268f99d0bd888a06070de197afe04811865d22fc9b20313c1a3f0cfca02cf3fad3ec124d0f0843b804a4051e282b89c7f6f6647c5faf864b1c7f43748e5a54367bfbca875a3523edaece4c8e95d548fcf3d3e00ee8080c307acfb54fb01d2981499651bc2a3df822179fd3c27655c2557d2f58f1c2b3b0b96d65ea161ac967d123d18925d2bf499010092e64850ada201d7d3c9d2e1a21d9f4fe61bbfef6030959a53f5010ab906a9c23f0845e5b2d2ed565b67c9d30677d8faf793c5ca6563edecbfaccbf11ee8b5f7c2d592ef89cd42f6fec52ececfc1d60bb40000000000004000ab0a3fb6fa0da10d8675739cf54e02b90fed8e988a8907847b80a1d05c231cb3b59ce44c9c5043f2a412cb1459a1111a04853f62882d2a79150c3889993f029654a4b93b9c10eb6441b7665d4587ffcb638ae934aa152c6b858c50a9743a80b96033deb108c8b3457e55fff1f285c8f5b928a8e26b6312d733cd70aa642ea8fce7d044c35d5c03eaca1c0676eeb62f1f00001dd67460cd276f4f83ae5ff78f008647d88a033bae6b800ccad650568164fcf0200900000000000000ab55bc0f343580f1c8059a716e70734e46285ad94171c2c3b56b507d8a6eafada7eaff41f63634b8b2436cb2fb807987d1093807383dab84ab28461085d67ac5940e3f3bfe39bb5e4b27360c"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2b, 0xfffffffffffffe7f, &(0x7f0000000500)="b9ff0300600d698cb89e14f008001fffffff1d004000632f77fbac14140de934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108038da1924425181aa5", 0x0, 0x100, 0x60000000, 0x0, 0xfffffffffffffe09}, 0x28) 01:53:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:20 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001440)={0x4, 0x0, [{0x4, 0xeb, &(0x7f0000000000)=""/235}, {0x1000, 0xec, &(0x7f0000000140)=""/236}, {0x3000, 0xe3, &(0x7f0000000240)=""/227}, {0x0, 0xe0, &(0x7f0000001340)=""/224}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000080)=ANY=[]) 01:53:21 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:21 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:21 executing program 2: 01:53:21 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:21 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:21 executing program 4: 01:53:21 executing program 2: 01:53:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:21 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:21 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:22 executing program 2: 01:53:22 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:22 executing program 4: pipe2$9p(&(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r2, 0x0, 0x8, &(0x7f0000000040)=0xd3, 0x4) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000100)={0x0, @rand_addr, @initdev}, &(0x7f0000000180)=0xc) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 01:53:22 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:22 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:22 executing program 2: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9c12) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) unlink(&(0x7f0000000680)='./file0\x00') setxattr$trusted_overlay_nlink(&(0x7f00000001c0)='./file2/file0\x00', 0x0, 0x0, 0x0, 0x0) 01:53:22 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:22 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:22 executing program 4: 01:53:22 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:23 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:23 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:23 executing program 4: 01:53:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:23 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:23 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:24 executing program 2: 01:53:24 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:24 executing program 4: 01:53:24 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:24 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:24 executing program 4: 01:53:24 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:24 executing program 2: 01:53:24 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:24 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:24 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x0, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xbcba3526408cfb77) 01:53:24 executing program 4: 01:53:25 executing program 2: 01:53:25 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:25 executing program 4: 01:53:25 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, 0x0, &(0x7f0000001000)) 01:53:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:25 executing program 2: 01:53:25 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:25 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:25 executing program 4: 01:53:25 executing program 2: 01:53:25 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, 0x0, &(0x7f0000001000)) [ 566.307092][T15509] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 566.315338][T15509] ref_ctr decrement failed for inode: 0x3fe4 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b [ 566.383459][T15509] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 566.391673][T15509] ref_ctr decrement failed for inode: 0x3fe4 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000e05f282b 01:53:26 executing program 4: 01:53:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 01:53:26 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:26 executing program 2: 01:53:26 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, 0x0, &(0x7f0000001000)) 01:53:26 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:26 executing program 4: [ 567.122553][T15529] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 567.130925][T15529] ref_ctr decrement failed for inode: 0x3ffc offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000935224ff 01:53:26 executing program 2: 01:53:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 567.246870][T15529] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 567.255299][T15529] ref_ctr decrement failed for inode: 0x3ffc offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000935224ff 01:53:26 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, 0x0) 01:53:27 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:27 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:27 executing program 4: 01:53:27 executing program 2: 01:53:27 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, 0x0) 01:53:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 01:53:27 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100), 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:27 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:27 executing program 4: 01:53:27 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0xfd89) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x3, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, 0x0) 01:53:27 executing program 2: 01:53:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:28 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{0x0}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:28 executing program 2: 01:53:28 executing program 4: 01:53:28 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:28 executing program 3: [ 568.847845][T15575] pic_ioport_write: 28 callbacks suppressed [ 568.847862][T15575] kvm: pic: single mode not supported [ 568.847888][T15575] pic_ioport_write: 16 callbacks suppressed 01:53:28 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{0x0}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) [ 568.847906][T15575] kvm: pic: level sensitive irq not supported 01:53:28 executing program 2: [ 569.122167][T15575] kvm: pic: level sensitive irq not supported [ 569.171145][T15575] kvm: pic: single mode not supported 01:53:28 executing program 4: 01:53:28 executing program 3: [ 569.188769][T15575] kvm: pic: level sensitive irq not supported [ 569.263780][T15575] kvm: pic: single mode not supported [ 569.294970][T15575] kvm: pic: level sensitive irq not supported [ 569.329218][T15575] kvm: pic: single mode not supported [ 569.352996][T15575] kvm: pic: level sensitive irq not supported [ 569.382774][T15575] kvm: pic: single mode not supported [ 569.416979][T15575] kvm: pic: level sensitive irq not supported 01:53:29 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:29 executing program 2: 01:53:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:29 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{0x0}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) 01:53:29 executing program 3: 01:53:29 executing program 4: 01:53:29 executing program 2: [ 569.457367][T15575] kvm: pic: single mode not supported [ 570.006247][T15596] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 570.020138][T15596] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000420ddac6 01:53:29 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) [ 570.200290][T15596] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 570.209027][T15596] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000420ddac6 01:53:29 executing program 4: 01:53:29 executing program 3: 01:53:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:30 executing program 2: 01:53:30 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:30 executing program 4: 01:53:30 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 01:53:30 executing program 3: 01:53:30 executing program 2: 01:53:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:30 executing program 4: [ 571.049026][T15626] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 571.057446][T15626] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000058030899 [ 571.206385][T15626] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 571.215201][T15626] ref_ctr decrement failed for inode: 0x3ff3 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000058030899 01:53:30 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 01:53:30 executing program 3: 01:53:30 executing program 2: 01:53:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:31 executing program 4: 01:53:31 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:31 executing program 3: 01:53:31 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x10, 0xffffffffffffffff, 0x0) 01:53:31 executing program 2: 01:53:31 executing program 4: [ 571.918938][T15657] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 571.928174][T15657] ref_ctr decrement failed for inode: 0x3ff5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000420ddac6 01:53:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 571.976174][T15657] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 571.984514][T15657] ref_ctr decrement failed for inode: 0x3ff5 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000420ddac6 01:53:31 executing program 3: 01:53:31 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x1) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:32 executing program 2: 01:53:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:32 executing program 4: 01:53:32 executing program 3: [ 572.688299][T15676] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 572.696703][T15676] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000004fdb3157 01:53:32 executing program 2: [ 572.832879][T15676] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 572.841755][T15676] ref_ctr decrement failed for inode: 0x3ff7 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000004fdb3157 01:53:32 executing program 4: 01:53:32 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x10, 0xffffffffffffffff, 0x0) 01:53:32 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r0, 0xae80, 0x0) 01:53:32 executing program 3: 01:53:32 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:32 executing program 2: 01:53:32 executing program 4: 01:53:33 executing program 3: 01:53:33 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 573.552984][T15700] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 573.561401][T15700] ref_ctr decrement failed for inode: 0x3fff offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000010704351 01:53:33 executing program 2: 01:53:33 executing program 4: [ 573.709411][T15700] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 573.718315][T15700] ref_ctr decrement failed for inode: 0x3fff offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000010704351 01:53:33 executing program 3: 01:53:33 executing program 2: 01:53:33 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000080)={0x0}) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {r0}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/28, 0x4}], 0x1) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x10, 0xffffffffffffffff, 0x0) 01:53:33 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:33 executing program 4: 01:53:33 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r0, 0xae80, 0x0) 01:53:34 executing program 2: 01:53:34 executing program 3: [ 574.530487][T15717] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 574.538641][T15717] ref_ctr decrement failed for inode: 0x4000 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 01:53:34 executing program 4: [ 574.578459][T15717] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 574.586919][T15717] ref_ctr decrement failed for inode: 0x4000 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 01:53:34 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:34 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:34 executing program 4: 01:53:34 executing program 3: 01:53:34 executing program 2: [ 575.196883][T15733] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 575.205387][T15733] ref_ctr decrement failed for inode: 0x3ff2 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 [ 575.257229][T15733] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 575.265744][T15733] ref_ctr decrement failed for inode: 0x3ff2 offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 01:53:35 executing program 3: 01:53:35 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:35 executing program 4: 01:53:35 executing program 5: 01:53:35 executing program 2: 01:53:35 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2, 0x2812, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x2812, r1, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfd30) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) 01:53:35 executing program 3: 01:53:35 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:35 executing program 4: 01:53:35 executing program 5: 01:53:35 executing program 2: [ 576.201338][T15748] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 576.209497][T15748] ref_ctr decrement failed for inode: 0x3feb offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 [ 576.292672][T15748] ref_ctr going negative. vaddr: 0x20002004, curr val: 0, delta: -1 [ 576.301059][T15748] ref_ctr decrement failed for inode: 0x3feb offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000ce7d1fc2 01:53:35 executing program 4: 01:53:35 executing program 3: 01:53:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:36 executing program 5: 01:53:36 executing program 2: 01:53:36 executing program 0: 01:53:36 executing program 4: 01:53:36 executing program 3: 01:53:36 executing program 5: 01:53:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:36 executing program 2: 01:53:36 executing program 0: 01:53:36 executing program 4: 01:53:36 executing program 3: 01:53:36 executing program 2: 01:53:36 executing program 5: 01:53:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:37 executing program 0: 01:53:37 executing program 4: 01:53:37 executing program 3: 01:53:37 executing program 2: 01:53:37 executing program 5: 01:53:37 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:37 executing program 0: 01:53:37 executing program 4: 01:53:37 executing program 3: 01:53:37 executing program 2: 01:53:37 executing program 5: 01:53:37 executing program 0: 01:53:37 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:38 executing program 4: 01:53:38 executing program 3: 01:53:38 executing program 2: 01:53:38 executing program 5: 01:53:38 executing program 0: 01:53:38 executing program 3: 01:53:38 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r1, 0xae80, 0x0) 01:53:38 executing program 2: 01:53:38 executing program 4: 01:53:38 executing program 5: 01:53:38 executing program 0: 01:53:38 executing program 3: 01:53:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:39 executing program 4: 01:53:39 executing program 2: 01:53:39 executing program 3: 01:53:40 executing program 5: 01:53:40 executing program 0: 01:53:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:40 executing program 3: 01:53:40 executing program 4: 01:53:40 executing program 2: 01:53:40 executing program 5: 01:53:40 executing program 0: 01:53:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:40 executing program 4: 01:53:40 executing program 3: 01:53:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/87, 0x57}], 0x1}}, {{&(0x7f00000003c0)=@can, 0x80, &(0x7f0000000880)=[{&(0x7f0000002740)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/68, 0x44}, {0x0}, {&(0x7f0000000ac0)=""/228, 0xe4}, {&(0x7f0000000780)=""/230, 0xe6}], 0x5}, 0xfffff64b}, {{&(0x7f0000000c40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, 0x0, 0x0, &(0x7f0000000440)=""/92, 0x5c}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002440)=""/79, 0x4f}, 0x2}, {{&(0x7f00000024c0)=@l2tp={0x2, 0x0, @local}, 0x80, 0x0, 0x0, &(0x7f00000047c0)=""/26, 0x1a}, 0x10000}], 0x5, 0x10000, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000740)='./file1\x00', 0x1a5) socket$inet(0x2, 0x803, 0xa0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x2, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x843, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004b40)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eececab4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de67708a460a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d0500298ef7f9267d1200e11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5c57f9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24202e00ed31748f8283765e1c604f179187f6113b17a1a679eea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2df58e0becaa25a3b6e863d4d30be7a1733342ce46adeafa2a6ca643ed1be45c869a8b4b69bd2d0f66c86835eda7b7223864276586b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b5acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85f04d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7b09003a7de4c5d2b6a0124ab2cb83d197059dff5229a6a855a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a439b40d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000004009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630040c603fb5ceeb29c10520df223c4dace8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f746b293e99015fe0860f83398ce668489f3c7374bf71f755d9a5f51b430516bda0d0c639314a32f81c0858c2355bb680df793f57592b4e48d60f8a2c3faa3356c26fb689d9f4c3a0c1e8edc34073ffea7897e7456a1dfa315144d0bd89c27e2c912f82bc18361464a40802348f920f76a94cf3f102cf07d022ab6bbbb040ff7b2c7aaeb343bf9a401deab24827a5dba43d9a8f86c67542445cafe559021d78fdffebe8957caa6b122becf002068289cf96f5aa8c9dfd1e3687b5afa39e2f576f79c2a373341fb587d458b62b8f6e818b38df932f34bd26d2c66e9510eac33aec0e706be80367a91f71cafa3d645a4003c3dec4b0207e979842d59dbb8086651f57c2e8d44906889226f31b2ba7ac196a78c48f7ded2ddb8791cdc9ae0bfa3027bdf6a217666074b7d50e0b4d51debd0b9c27b5bb6639aeab43efb25177d0a35501643072d046b3b33cb23b8cc44685e9e0de65f6862da6666aea0199a9d6fe2e9887b0e88b5b01767dac4202f9b6468154eba92b411a5aaa55d167c4e3b0703369f75d5e6a6c757ea3532a31ea46abc169f7055497c79cedacde5e382a6028bf409f491963bf60c6de3fb38e669173655692c53d590eb2d56efa0aa2b2578fea58a3d3c503d7ac2dabb9bb1570f3cbb3191066ec50637db1bc1a020000000000000056a5576bcc42e65e98935d46249b97a59823495929e93412ea20459337c9ab0f854964e4ba267ae305b6ee39b47fd3f22af36f1f38f138d9a9913a4bea8da137ace2751f7604e77658cd6eb7ea421b94fbdf99f2cf0801d1de16dd4fa00d13d859e8d6afc5029a36ed522ea252f1fbb361f260e7e80604d71113a63f963526d2abdaf707f158db39b965bfb50a07f11b429c05af2348acb2ec61c06bcb82fa86c6a2c39b74fa0175b84e16553977f1fe1fdd00"/1665], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x9) 01:53:41 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='notify_on_release\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) 01:53:41 executing program 5: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) fadvise64(r0, 0x0, 0x0, 0x4) mlockall(0x0) 01:53:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f100", 0x18, 0x3a, 0x0, @empty, @mcast2, {[], @mld={0x83, 0x0, 0x0, 0x0, 0x0, @mcast1}}}}}}, 0x0) 01:53:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$inet(0x2, 0x803, 0xa0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x2, 0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x843, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r2, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004b40)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eececab4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de67708a460a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d0500298ef7f9267d1200e11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5c57f9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24202e00ed31748f8283765e1c604f179187f6113b17a1a679eea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2df58e0becaa25a3b6e863d4d30be7a1733342ce46adeafa2a6ca643ed1be45c869a8b4b69bd2d0f66c86835eda7b7223864276586b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b5acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85f04d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7b09003a7de4c5d2b6a0124ab2cb83d197059dff5229a6a855a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a439b40d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000004009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630040c603fb5ceeb29c10520df223c4dace8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f746b293e99015fe0860f83398ce668489f3c7374bf71f755d9a5f51b430516bda0d0c639314a32f81c0858c2355bb680df793f57592b4e48d60f8a2c3faa3356c26fb689d9f4c3a0c1e8edc34073ffea7897e7456a1dfa315144d0bd89c27e2c912f82bc18361464a40802348f920f76a94cf3f102cf07d022ab6bbbb040ff7b2c7aaeb343bf9a401deab24827a5dba43d9a8f86c67542445cafe559021d78fdffebe8957caa6b122becf002068289cf96f5aa8c9dfd1e3687b5afa39e2f576f79c2a373341fb587d458b62b8f6e818b38df932f34bd26d2c66e9510eac33aec0e706be80367a91f71cafa3d645a4003c3dec4b0207e979842d59dbb8086651f57c2e8d44906889226f31b2ba7ac196a78c48f7ded2ddb8791cdc9ae0bfa3027bdf6a217666074b7d50e0b4d51debd0b9c27b5bb6639aeab43efb25177d0a35501643072d046b3b33cb23b8cc44685e9e0de65f6862da6666aea0199a9d6fe2e9887b0e88b5b01767dac4202f9b6468154eba92b411a5aaa55d167c4e3b0703369f75d5e6a6c757ea3532a31ea46abc169f7055497c79cedacde5e382a6028bf409f491963bf60c6de3fb38e669173655692c53d590eb2d56efa0aa2b2578fea58a3d3c503d7ac2dabb9bb1570f3cbb3191066ec50637db1bc1a020000000000000056a5576bcc42e65e98935d46249b97a59823495929e93412ea20459337c9ab0f854964e4ba267ae305b6ee39b47fd3f22af36f1f38f138d9a9913a4bea8da137ace2751f7604e77658cd6eb7ea421b94fbdf99f2cf0801d1de16dd4fa00d13d859e8d6afc5029a36ed522ea252f1fbb361f260e7e80604d71113a63f963526d2abdaf707f158db39b965bfb50a07f11b429c05af2348acb2ec61c06bcb82fa86c6a2c39b74fa0175b84e16553977f1fe1fdd00"/1665], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x9) 01:53:41 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}], [{@fsmagic={'fsmagic'}}]}) 01:53:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f00000002c0)=0x8f) setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000480)={{0xa, 0x0, 0x0, @private1, 0x1}, {0xa, 0x0, 0x2806, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x0, [0x5]}, 0x5c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb57]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000300)) r3 = syz_open_procfs(0x0, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, &(0x7f0000000080), &(0x7f00000001c0)=0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 582.164829][T15890] hfsplus: invalid gid specified [ 582.170556][T15890] hfsplus: unable to parse mount options 01:53:41 executing program 4: write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0x0) 01:53:41 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) openat(0xffffffffffffff9c, 0x0, 0x1d00, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth0_macvtap\x00', 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @initdev}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000100), 0x1042b) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x1}, 0x8) close(r0) 01:53:42 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}], [{@fsmagic={'fsmagic'}}]}) 01:53:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:42 executing program 2: mkdir(&(0x7f0000639000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)='sysfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000fc0)=""/1670, 0x686) lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) [ 582.948269][T15924] hfsplus: invalid gid specified [ 582.953493][T15924] hfsplus: unable to parse mount options 01:53:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000004a00)=[{{0x0, 0x0, &(0x7f00000006c0)}}, {{&(0x7f0000000ec0)=@tipc=@id, 0x80, 0x0, 0x0, &(0x7f0000002440)=""/79, 0x4f}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TCSETA(r3, 0x5406, &(0x7f0000000100)={0x7, 0x9, 0x0, 0x0, 0x7}) readv(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0xfffffffc, 0x6}, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x1c) io_submit(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f00000033c0)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c47fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c362307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de6770338786a729bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab4877b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298ef7f9267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cffa277233a378e5cbdf9d18aa6f823a0eee8e60f2627681200021afcffab6b76713074fabbd14fdf723522e65fa0c1c1598d101b717b6dd68457b0b100000000000000e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dff19516e6456c9560e298785fe0f90e01c5c5722ea99cfcd862f8000000000000073bf38b6e2649d7370bf6b862765e1c604f179b56c18ab48aed63a39b2229f372759187f6113b17a1a679fea2c9a8f3dc9b0687ced9d170914d7c08ea8a3ffc1b4dc2394b3dc3bfe86452f044183729dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a17333424475adeafa2a6ca643ed1be45c869a8b4b69098fd7ad2f8d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c4f5969bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cae40f0a25955257cac2fbae73e3b066a59b27df5fb6e122534b2cc6c8c298eafff148aefd6cc9e559c485b2e9943ffb3414d8713f19009cf2d10aab000000000000d6d5791a8a3c2ac7c6e02662b86b577ceef4dcece7141aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e804bf14d636e292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddb00000000000000018e5a433969d359a99965f6cbfb7a7916d6b2297fb602e59143a2b2a40bdfb795986feec7021bc1361ad120c45b0f6d561a56fc3bcd51533245ef2905c6fb46ae068575457fe13804b3514b9903b76a1890c0b7f8713c67850fa93536299396de36eb4d5dff234c0fdb4329eb7a412b072b91b220d300002eac42dd451616d6236e86b741facf767cdb379289fb398fafb2cc8337dc54c2214ce0ed6b8295e7d3703c4155a050fd8df6d327039c98e6a18d2e92fb414df2782c99a79ee56b3e0133c92605895bd2e12deab80292ee46b33b3ee024fa6f0113fa784062203100000000000000000000000000000000000000000000004d7df6fe3a8dfdc8c09ef0fa6366022fe8d329f25802d7f69e0047ddc4bac1e5abe0ec025fe0c99253b2fc61155cbbaf22a4b4ee42e4a78aba55e234bd1f7908229371e1821ab83367443c93d7a8e6c0df2c966a3c3e7ae025a84c1830a0c2ba31c6de62873d0578ec085d87c718c0c7d3e6286c98f6e44261ab839f36441c8b09885bd5104632b3ad7de4945b6dc9f51a12f77f9019c38f112d4771a1d06ee1ece6f975fb3a7aa4f84090948955685f7e864bed7417f9256cbf742e546588efa4b169a414116eabcba50eaa36e63feeb1748c8c77939f85cbc7c470cd4baab5efe145ecb41632a9d3004b01158fea35dd5629e9022585d68a16c7535ef11e211e01d1ef0c8604ad8c12a281df04bf13a465e4ceae0bfba098f3cfd5d5518cbf2742881f89e60a3a77c2a97d94512154f392933daf2cd0da58a8ac06e63ef72cd90ec2eb5737002b26db96d1d53d4b500d9409f68635764369e76dcea08c4fe7c28f529ea340da6351c50db6146d7126feb17a00000000000000000000000000deddd47e8e154c0e7ee38b293c7352b48bf324cee466a4070cb37711fd21e197257212ed4b3eca34d62f79a5a9255c7012ddee40ea0a450c95a61f06bd0648532c2e8827305b99d7e2810392000e7a7d428693cebd2b9ff0753d4045fb89b122b55f555f20a45aac094aa2cf0a266e779319cd9694d1e871e6a99609a4ad6db7cec6233324a06ac595d6ddfa51badf4febfa603cf9691d6a9d0722e091ed89893cd40fcdf2f6764e01eb2f1add7ba53d9acb6b314633c4e096589094c97079b7b2ff750649f381e3ee598b78e27fd00a5073b1d710189513d1e07712eb5274f82d00ca1d56fbc5bae35c672a82518100a53cda97137f4da364b7da7740b7405f2633753070fa16e6e908455d877f24d769391bc2cf0e03bc3bfbc39fc6e0435a616ac045dd7687a8345491df8c75a3bab666b00f9dadc972976650e70f5fda2c1b1448b9d7acbe7d357a595cd31f1b0c1aa4c69e670576aa128961c27295142917578e57258c701f931da2b08b007d4bf88d3661e8135c1dc81757374cf1a506a2cbdaece28e898e954e4899dd3ff7ebe5d50524af65b6241903291c791dcf1f585b4d21c2953c9787baf8b644035fbaa63fb75b0daef1623e4ea042a74b160f253adb40c967c5505667ba08434e8df4642980ea2a205dbbd7f780199938ab26768b44b438ea7538a08a26b5959e92342486b7bc2b144d2135dacc8e335d16e805330c1ee3d0b126ca5f04bbec43ffa9baf2f8cc7890ba5bce57cdeced684d66d27fd3d7b18e2f840c0d70ef"], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x0) 01:53:42 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f100", 0x18, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], @mld={0x83, 0x0, 0x0, 0x0, 0x0, @mcast1}}}}}}, 0x0) 01:53:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x7}, 0x0) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet6(0xa, 0x2, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r3, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000004b40)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c478a8eececab4c7c70e96d508f07fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de67708a460a8a29bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab487da47081184bf0d92f72e567b07f8112d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d0500298ef7f9267d1200e11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cd9c3ffa277233a378e5c57f9d18aa6a0eee8e60f2627681241231afcffab6b767130120b75215596d1bc4fb6849874fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b8a034dd0c734ce4e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dffc9516e6456c9560e298785fe0f9d862f8000000000000b7f90b24202e00ed31748f8283765e1c604f179187f6113b17a1a679eea2c9a8f3ec78f787a020fcdc91fc1b4dc2394b3dc3bf0100000000000000dd5f4baa63f744982ebd6d1a0036e8231e1e5b2df58e0becaa25a3b6e863d4d30be7a1733342ce46adeafa2a6ca643ed1be45c869a8b4b69bd2d0f66c86835eda7b7223864276586b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b5acdc7dea2c69bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cacd0f0a25955257cac2fbe3b066a59b27df5fb6e122534b2cc6c8c298eaff0149aefd6cc9e559c485b2e9943ffb3414d8713f19009cd2d1c37f68137392f85f04d5791a8a3c2ac7c6e02662b86b577ceef4dcece714c2d5e781774d1aa0ff4e0a6dac6b7b09003a7de4c5d2b6a0124ab2cb83d197059dff5229a6a855a0319ab26e8049f1aec539292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a439b40d359a99965f6cbfbb602e59143a21cf502d524dd1a0000000000000004009adae503c1a2c4f35964f1bc738adf9bff6c2edd8ba60be9f2dd79a0ba73b74c0ebb2d779856e31ab8083702be8173192f38f8edeaf1b05274f84576582d576828025a99d84eea9bb538e4eb5992028044f824137587056b928186aaf2114010d9c4bf39cd87997208c32b1df1a2ed39562630040c603fb5ceeb29c10520df223c4dace8e77345f7b9268af4550f1f6cbbd22c13dbdc602b9f746b293e99015fe0860f83398ce668489f3c7374bf71f755d9a5f51b430516bda0d0c639314a32f81c0858c2355bb680df793f57592b4e48d60f8a2c3faa3356c26fb689d9f4c3a0c1e8edc34073ffea7897e7456a1dfa315144d0bd89c27e2c912f82bc18361464a40802348f920f76a94cf3f102cf07d022ab6bbbb040ff7b2c7aaeb343bf9a401deab24827a5dba43d9a8f86c67542445cafe559021d78fdffebe8957caa6b122becf002068289cf96f5aa8c9dfd1e3687b5afa39e2f576f79c2a373341fb587d458b62b8f6e818b38df932f34bd26d2c66e9510eac33aec0e706be80367a91f71cafa3d645a4003c3dec4b0207e979842d59dbb8086651f57c2e8d44906889226f31b2ba7ac196a78c48f7ded2ddb8791cdc9ae0bfa3027bdf6a217666074b7d50e0b4d51debd0b9c27b5bb6639aeab43efb25177d0a35501643072d046b3b33cb23b8cc44685e9e0de65f6862da6666aea0199a9d6fe2e9887b0e88b5b01767dac4202f9b6468154eba92b411a5aaa55d167c4e3b0703369f75d5e6a6c757ea3532a31ea46abc169f7055497c79cedacde5e382a6028bf409f491963bf60c6de3fb38e669173655692c53d590eb2d56efa0aa2b2578fea58a3d3c503d7ac2dabb9bb1570f3cbb3191066ec50637db1bc1a020000000000000056a5576bcc42e65e98935d46249b97a59823495929e93412ea20459337c9ab0f854964e4ba267ae305b6ee39b47fd3f22af36f1f38f138d9a9913a4bea8da137ace2751f7604e77658cd6eb7ea421b94fbdf99f2cf0801d1de16dd4fa00d13d859e8d6afc5029a36ed522ea252f1fbb361f260e7e80604d71113a63f963526d2abdaf707f158db39b965bfb50a07f11b429c05af2348acb2ec61c06bcb82fa86c6a2c39b74fa0175b84e16553977f1fe1fdd00"/1665], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x9) 01:53:42 executing program 0: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)}) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0xffffff7f) 01:53:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:43 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@multicast, @random="a7abb235d4dd", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000010", 0x8, 0x3a, 0x0, @empty, @mcast2, {[], @ndisc_rs}}}}}, 0x0) 01:53:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000001c0)={0x0, 0x9, 0xa4, &(0x7f0000000180)=0x800}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x8) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file1\x00', 0x8, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='rpc_pipefs\x00', 0x2008480, &(0x7f000000a000)) 01:53:43 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@private1, @in6=@mcast2}, {@in6=@empty, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x49, 0x2, {{'ecb(cipher_null)\x00'}, 0x8, '\\'}}]}, 0x13c}}, 0x0) 01:53:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:43 executing program 0: syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 01:53:43 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 01:53:43 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) creat(&(0x7f00000002c0)='./bus\x00', 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) 01:53:43 executing program 4: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f00000007c0)={0x191, 0x6, &(0x7f00000003c0)}) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0xffffff7f) getpeername$netlink(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0xc) 01:53:43 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x108, 0x2, 0xcf, 0xf5, 0x207, 0x8, 0x0, 0x74}, "84ba6ab09b0de15d36", [[]]}, 0x129) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 01:53:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 584.436984][T15981] hfsplus: invalid gid specified [ 584.442307][T15981] hfsplus: unable to parse mount options [ 584.628033][T15981] hfsplus: invalid gid specified [ 584.633606][T15981] hfsplus: unable to parse mount options 01:53:44 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000140)="2600000022004701050000000000000005006d", 0x13) recvmmsg(0xffffffffffffffff, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x208200) sendmsg(r0, &(0x7f0000000240)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'vlan1\x00'}}, 0x80, &(0x7f0000002440)=[{&(0x7f00000001c0)="d9acfef8efbb89b89b79e8f95986a38bec6d1ad52518343a65fa88e3ff2cc4acbfde91a23deba967b714418e1dd42ec969f4ba81709a2f2dc622a1aa1cd173e1fe2c", 0x42}, {&(0x7f00000000c0)="42ffa06eb29ed148bda3256836293daeea03e489862f72c575da58c7a547227cc3", 0x21}, {&(0x7f0000000440)}, {&(0x7f00000002c0)="f7945dce9283394772341cf2b52a610294686d9d95d0be28baef036879497b220ab5142e4534826c654af3f3a283fb99fd4a5899ea8ea646aec75d15b0dcb0f08286ab0279ed8a18d415732497c2b20d21c365bc272e1a1cec668e5ca4f238927cc4962ca07977b50814044a1e98", 0x6e}, {&(0x7f0000001440)="25622bdfce52cf5cbf346661ead6c7af578e555aff20548fd110073482c475f41b45b84c7a343858edc5cc7bed30ed65419f5e5e01cbb6b5cdcccbdd4cea3e9697a3170890031abf4b4b35e0e873289549d64a84b1c24b24d687051dfff789be64013a12720dfd8ec83f9b5951a1d3d19cc29a64dd5333cf58f77cb81443b6370ad3d4aa2695cb7921b63b8882570f204bbe706a60b30141467860f04e4427c126e0befb17e7d18635666445fdeeccc576d21e0f1760082b54de1b4c6c1a27830bb69f46242064e9a7124d9edd75150e2bafb7a745c70f0b3de954ae85ef6479e27f53077c491e058ca1caa020ac4a684c3b97987d3fecd6b4d414b2b6b2f58d870ff3e56473857b699688bba21ff7999151ed8ba6bef86c2b764d7eb490985f122b10e6662dded9962d95bb56304504dcf1cc1c63e2f75e7b9cbeba0a9dfc563d6310aff8234b34a17aca4c9286a14b47bf2eb911f2b736754fee6c562caf7b61bf8616d16b7f971e005de804b10fc2895c6ce01d974b3fef0e5b8a3fb54cdb094d10726c044d390cfb883642608e5e5a50470bf4df34792d971b467a909ee5581b041897b7b1a2920dfa7e5e035e7d2535b1ea632a2a8daa11529d0540b93824a341934ce7d5fe552ec6c719a7468fb49ced32d04dc484a02e6a76aadd21145ddcaa630bd6b1325dc550a3e5f4e7f8d6b111d641c4bc53217f56f5012241b2d6ead16857a6fadcd91c4e5d2ed8bdaba2b6542767d0d8d06e5d390cb63b1d42f22b3c7c31ec6dbfca4127292fa5131f0a15a5fe717e01f44cbac5586e6452096a9819fb3780cf5decd740b0f39d1ac0ec6a048a27ad2b6038eb9863ede991c7ad739ffc0ce04e776adbb0d8421ddc070ab719863725fb50a72535dfad79a62b0842a8e61556f03805bc8948ba2d1a8e7b67ab123e22b91a06d7d8d52081f626017158d80f0f9f7fc5627804baa225e8bba39fb6dae3dc882a972bf975e7c2c37e604724f860b9f3cd466ba33fd91155fbbe071ee780b62df6d2e6da0bd0df5063894614c79bc7e53bdcb6eccdbafd6cd2ce460b160d18f7aabdb69fe80cb60dd995ac28bd134bf1ba85c453e3cde8b785f4fae8c85fd14ebaf469bb78555bc86141fd7948ccb980e2bbfb1781cc4948f1a9d2814441f8aaa91ef0ad19931ef59e5e1d22478f838e95175ae505b8cd9e450131963b23568332008af663e82aa1d0e04f68fdac2994f7c1a63a83e58322189bfe45bb044d7aeeb7596569db7dee331a9e7fb316fe917e3de18c10f27e831dd55f0bc90cb46cd5c37694e5b78358f18c17a43589575a95d0236b5bc2cc3de62f2b69cac74514cfb3cece30691e86a842ba7121597afb88877f2fab85aa4c1feb4065bc439fa90129d1aa598bb51ba20b31742234b9c2287e08293a9a2f39a1aa953bf4fb15f47d5723317c6c9f5688d7e6ddc3c8b0ab04a43c14a3468adc438b7f0f52e8a1f5030d23ca949d060c5ac78746d09e5e267d80bc8362bfe510654f73cdc70c505aae4d32a6f5a3e0a6259c0dde58f5735570fac1d5a1008cf5a7b0345ee604e2a50dec0d5c08466ba3881669893c35ff309f805eb9ce2094cc582507b738d57c97f231cd5d75a027754d5417303228c418bb15e1890a7cfa8703d9180ffeb50a4b4c43954ff062fce81c36d0968b9869a14416746a31ff7770c3f6163e5260ea8f452d331155ed8a7ab0852c384a193eb0f0808b11eb0c71283dc2c8f1961caa2221be672da952b1b28fc7d156bcac7ca4658b718cd8731930834e1d6f97dc4fbf9a015329aa30c031abf983a44a937bdb57f55bddd4a1555bfa288dc0c19f50db422f9eb2fc6509093c8baf776f0bdc6e3b6fb162a3a6f201cb62e56ec686cb55f9645bc85341104899ab633b688ef28b376539ff60f30fb3746ba724eb70ec1e132699a9e2580e658a53d8f27231f69c2ad240f129f0fdf19782ff32e90d84ba25083bd70e2ae9f50e559e4f83f2565f53ed484f29bfe9191f1fd65b722ad26e36abc2fa1c297299e520fb609e8243a063a7299a07be0141ea4dcd0bb9e21b9ca1ce0cd7525ba14850125e13eb7bf5e151eb68b7f7d80fa315afcbe73c98932c684ae5f5ec68fba442dc427c0895ae2860024a782028d5cf87eed39b6271195268dc1f57435bcc0bbd9bf352f8ee36e490be6dafec766ea661d6624e6b90a84b8e26c38b47f228fd9eb499ae1a3b9bd963c25f4a37a6b229f47df06bbb0fb4dd970c1a0aee58c1950dfcd708a38049f4d3018d9562827bb1f32fe757367e836fe35a96b66c0049988a5b496aec9c1bf0c34f3b3cf06d3451f00a622bdb1327faaa4e9cd48e30fd58b91fc8d0d04734023ae18b9e96f43a4e458122655cd44d04ac86943ef209660eb52cfd2f50e6804368f88164fba91e194a1a7fe2648127508c700331e07361895854d70941b912bb1cff87dbf7e728fa6d58ca97e86813e7121e48de581e4e5df82ce0fd0f01b04e4249d3f071e7f0fe7d5aeb403113e1fb6cf5513bdb1c11f10657845f34cc125d68dc465157bbcb8f01d3da45b3e37d7c12c4d0c29d76f01f2b8d0ead67aa4098cb1a37af98b81b66bf67a630cbc45ebc97cbef089ce95941f0c6d3ad1838b41a690998f27e078945e32a6b6ee4f240e3f5272b37c622b426aa76d332ebb259da653e386a58c15c43c1171b0a0a3c775e1f610138a2fa7670dca081d237b78162695bb0407a8131c8bb9e8d8f569c9c2d6696a9dee0a73cd4faa9bd8bf44e608569e685f53102bcdb7a5c50e9a03c04936a02a264bd090ea86c220df1145b1e5222cc612d22de65f90c5887c016c67337c358d69606e0dc364f0ba74e8a3ec767d55b6e729e41386d7dcf875228e26fe6fa0544ef19e381d61f79bb89c374b344a2959059f9dc5efb3fd3633e414f68b32c74b399acf8031ca260e6c5c0a8c4ce687a7bc79bad1906cff6744b45fad6a8e2b10f2418935d5d4201e3aec679edbebee1430f3072b8e02fc461361e318a1cf68960dc4d4a1346e0d67d645c1bd7d0a263d717ae35c915fd0dc43fc394fde80029ca7f5d80befaf85ac53545a515db217eab39df54236beecd0c3de2ec95196f83659e983b163fc492a7310f9f90702ff32c0c615b582f03e201f40977be43df009cf1f57a9a4636c3c73d86bc2dc7e2a63e92d1f15affb3cf4ee8043b55c8a1bfa0f05d1f371e18d52958084bc9ae194ef66d8a402f22b872710422d84374ed6a99607b0450ed9a7bfed838a825d8df7c6a409938fdcbf19f5b1f0bebc540b4a6c771cd5b65b74f17dca5f8540a85b3b450ab80d5f370746cf8cf2dd490d7edb159d4e5e90a1232aff4844df54919f2b6a2810b0992dab82d4215c2a77559b4101d1e2c4164bf38b4239503318ff2f83ddab89719da1419ba1c3147d997e9957225748e9f55f4a20cbb2bea032dc90238d8623878e77e619e8b91faa462ada61187482238961431c17a24759606fe230875e3a62281fa6930018c234f8386985a2bf32e158103a5d714eca663512481176bf4b351be5b5e52cdd179fe1a4d29e4dee18c476237a034a286a0869ebf2351ff1b718fe8f3bda6647ff4a5782f45c32dd614c71429cb75fd6553825dad5a725fca6238dfca4aea659e153d3c90da81e02749a8e169eefe916f7b293ee80d16d3ea5032547210d6d7f36c6c8ccede8a4b568c5d0b427c1cbb820ef53b66325b23f7151d5688e1ba021c66bddc431e37a6bb648ddfb25373b7068975eb17ee446916fa8b3da3929cf364e56ce5bb67acd687b19a357c750080dcda0ca8ff631139c021a8a524eb16570025c1ac107a125cf1f595d62a80454d510be762218fea21b8badb18c5d893f89955ffb2fd8884e4c32eb96961d1e7955da7fa2026e96f72d928f72b7e116a17d781a44b524d4b97c875724bb6b6248713778fd93ccbd51dbd35b0b25004ac72847235a00d4289f0985787ceac8565d8731f8515a72371cf8f326df6180bcc6907dd12c53daef7645445fd7f168d1128eb5a42041e361814b118a3a894393ce796abd0f1dfa7ad06300987516d47392edf3e351ba51dd5f8d597bb7fc3b5ed20dd5a516a28d0ccbc9ffb660bf003df933bc48c95bbbf88773ff46158d151af93c2f14fb6a0bdb6b6367160428dba6f42ecb8f0f19970b757565ca40baae96dcfaeb16be396b1bce51fa92cbad8d4df9ba5f56fda9fc61c9368fa876f8f57c35a0ff880401631ac084dfa1e9b517afb29fbcbe5f2ab3a623c7bdd08ce831ced19dc373ee4b5980fe400797deccd8acc9501dbaf6d4e8a26aecf405df0ad5542b582b7d93c7f4d531d40f6cbc4e4127fd0e81b7934c416b86c97bad88238dd86f1fbc3a30cae024e64fea5b3709cef20b90f6b2e36475419ec18a60459dd685be3a1e9758f2e0214f9a1f97ada48c9dcc2871c498f1531a6c978bff27b0f14abb92384b76560694aab0c9cabe54a39b253745fb8ffc59b2f961ed7db3155db687ea879001d6f3da0afc1e7d5cb46d0e31f0eec2f37c3b690a00669c6d353649263ae5844bfd023bb0ee3b367e787c6a4f0dea3ecd115f1d4b3fb3d00b49b92d7fc0162d2b2f8d76cd8f8f5da3ac3030fc9e385e4972f5b9bc203d837c22ded6e5f0e67b0a0595811eaed15138544839ccaf3e9df3e48c6d2cf06a81ea2d8e4e2ccbbc288bfe861e618a364178771f2a293c06919facc6a6e0bd71c0f919c770a1926e8ce77bc48fa7c9b512439532072e498f6e3c9f61e74288cf5d031820606f83ab4b6818493ece1628af2bb0f01f06e5a31c3b15b0320d22f51accbdff43b6035bdbd57d29e213f20ff8e9f0174ec1fd8a99a5f88d138dadd7993c4f016a2ba308625f5adbc0084dc1c56f1bf670354d8ea7d1f53885251c8658f690583b779cadfde0fdf71bdc1aa8ebb341a8c9272a2e473eadca51b91a59f332b9c75e7824b300e15a2e2ad73af6148f1b87b2513c18ef88e72814fabcc5a4dab8b7297d2ba333b8455e611d234641bc47d9d2f5a18ff59491111af67469220bd6fb1534a7b5ecc76ef04abf2793263f676b87f87c22a9c288605f54e122bd4a6df344cb28c41aa302b7872bc06f6b7600c97a005e40bda79b11e85755aa41fa75640394f1bd7da9862050274a10ae29ebc4e9c08d4e922050bab41bb22bf7b9f1052b77226336e43ffae2060c9fb1590dd5ec5237caff1816d8b0bb9f9f882c67c8765e8e37cb54861d735367f91ea2fb311cfb2255fbc6d4ac6a9182be075345a1a4aa53d4e7aac226882f34b433fd733e1463f96146ff340863a35819c09ca49c646b6f75949d4542751282e51847d644fc85be2032fd3b1d279cc4a8b929ecc20f9ce8cc1ab67cc13301093a226937c6e91a6beea6afe3be686183bfb386f280f01deb35dbe296dcd1f931bae79a88414a131ee682fe267c3b8a62f7ae7ff894db481ea95dd95fff2deed43ed6597a9eefd303771d8d98bc63b76953db8e54e7af7af6d94ac33d2c209728b6d2a632bf20b2c38fb15225f34d5091dc0acba829e1b58ca5ca90a66f2c3e5203946ec92b3e578db402e3aad6dbaf87cd88db107e777ec0b4a26adca6807a60a1e32d5e6ef6cfedfc645ab66d5ffc22c50c36c36ba090a66dce0400036a80ba21d9b85364a89a4d60100d5af423bb145f70e1fcc6e427bfc536c429261c55a350f3b0a3e36e61e5f91b8d2a58d012fa2c21575940709f8e108f8dd90b15655e8a17c5205d075d2b90ae1fff01e64f975220b2c1734e85c859df94a6ff8a831a6f73052fb", 0x1000}, {&(0x7f0000000340)="c227489bce885ec4334fda151d6c96ed61fc7dd2c415376808786b9f7aaf617510e22350164f9eab489199f10a40c1b86373f62ec09d9970dbb10236827dd510afc6debe45812a4f05ac2b99157e3d868a047105270b264f3c80b622730226dd8267852f105b40d611f4e02620de6572b9867059b31f2ac0ef33399949a8ed5bf8e6c4d8cc4fde614a29c588161f3e87d5b95fa7b1694aa1cc0fee7fbbd2c2ddf488e1", 0xa3}], 0x6, &(0x7f0000002600)=ANY=[@ANYBLOB="00010000000000000000000004000000bcafd84544ff84d0a204ad5a87ec7d9292be2bedd5d9cd9d1bbf53b7d6b892a41ec99b15da1aa9dbc3819d9347deaf281204120a4f5fbd66c08cf1c98664b92f589e7542a439ca81365dd6d76c5075b32133b603677212af3cb5fa3f0d5d737e70f59039d0aa2e29ceb0c17a19417279fd0cfb9cc21fb18d15b7cc3f64e6c879f091cf2fa43de282f39b1737c0747ded37bc4aef63475f314d6f2515609ce680a2ce71311446b5d46c13202a45845c896e6eef4b8b641546fe7e55b0aeb7b02befbae7d9c9e0b256c9237f40702783117360fc8522ee4984c3768c89151e0e9de4925ffc20ee96bffea719871441575af16d3fc81fdc3a0c8f"], 0x100}, 0x20008041) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) 01:53:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:44 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) syz_open_procfs(0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000640)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000073797a31000000000000000000000000000000000000000000000000000000ecdf40e65cc780220000000000000000000000000000000300df0000000000000000000084000000000000000000000000000000000000000000000000200000000000000000000000000000000001000000000000000000000000000000000100258d7a3500000000000000000000000000000000000000000000feffffff00000000000000000000000000000074b6628ddfb1cc186d6300000000000000000073797a310000000000000000000000010000000000030000cf0a000000000000000000000900000000000000000000000000000000000000000000000000000016000000000000000000000000000000000000003b38e967ac8206eaba86b97eec0b2bed1ee23364b10d6a"], 0x12e) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) dup2(r1, r0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000280)) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x12e) dup2(0xffffffffffffffff, 0xffffffffffffffff) 01:53:44 executing program 4: openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000400)='net/raw\x00') setsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f00000002c0)="87922e1baef8528224b757fd3aa66889cb68829077bd726da1a83d4cce586d19211e02ea1217e0ddae3e15fbc6b4e71eb259e06ef7c3fa619c1fd865d265da677bdb4e9192738bf2c379a40254b81591226b557cf82878e178ad3406586f7096e5df01dee795e1101e4f17d157", 0x6d) syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000007, 0x12, 0xffffffffffffffff, 0xfffffffffffffffe) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x7f, 0x0, 0x0, 0x2, 0x0, 0x0, 0x52048, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000, 0x2}, 0x80000, 0x20ff241a, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0xb) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') shutdown(0xffffffffffffffff, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180), 0x10) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x400, 0x1, 0xfffffffffffffff4}) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='wg2\x00', 0x4) sendfile(r2, r1, 0x0, 0x20000000000000d8) 01:53:44 executing program 2: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) mlockall(0x1) listen(0xffffffffffffffff, 0x0) 01:53:44 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) [ 585.252502][ T3081] hid-generic 0000:0000:0000.0001: ignoring exceeding usage max [ 585.416536][ T3081] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on %z5 [ 585.518767][ T3081] hid-generic 0000:0000:0000.0002: ignoring exceeding usage max 01:53:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 585.695565][ T3081] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on %z5 01:53:45 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = memfd_create(&(0x7f0000000500)='+\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r3, &(0x7f0000000c40)=ANY=[], 0xff67) sendfile(r2, r3, &(0x7f00000000c0), 0xffff) fcntl$addseals(r3, 0x409, 0x8) dup2(r0, r1) 01:53:45 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) 01:53:45 executing program 0: perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0xd102}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) socket(0x400000000000010, 0x3, 0x0) 01:53:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:46 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) [ 587.870564][ T33] audit: type=1800 audit(1595296427.456:547): pid=16021 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="ramfs" ino=50486 res=0 01:53:47 executing program 5: perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800000020010c516, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x40000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:53:47 executing program 3: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000280)) setuid(0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) listen(r0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 01:53:47 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x108, 0x2, 0xcf, 0xf5, 0x207, 0x8, 0x0, 0x74}, "84ba6a", [[]]}, 0x123) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) 01:53:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:48 executing program 2: perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800000020010c516, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x40000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:53:48 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@getae={0x4c, 0x1f, 0x1, 0x0, 0x0, {{@in=@loopback}, @in6=@local}, [@mark={0xc}]}, 0x4c}}, 0x0) 01:53:48 executing program 0: socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6(0xa, 0x3, 0x40) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) 01:53:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:48 executing program 5: perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800000020010c516, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x40000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:53:49 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c010000100013070000000000000000fc020000000000000000000000000000ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000000ff0f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080018000000010010000a"], 0x15c}}, 0x0) 01:53:49 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) 01:53:49 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f00000024c0)=ANY=[@ANYBLOB="1800000000000000ff"], 0x18}}], 0x1, 0x0) 01:53:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:49 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') readv(0xffffffffffffffff, &(0x7f0000002340)=[{&(0x7f00000001c0)=""/4096, 0x141b}], 0x1) readv(r0, &(0x7f0000000580), 0x3c1) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) 01:53:49 executing program 5: write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) r0 = socket(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000002c0)='bridge0\x00', 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$unix(r0, &(0x7f0000000000)="2e1dea298000d9", 0xfdfe, 0x4008000, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0xd0800e0}, 0x1d) 01:53:50 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x108, 0x2, 0x0, 0x0, 0x207, 0x0, 0x3df, 0x74}, "84ba6ab09b0de15d36", [[]]}, 0x129) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 01:53:50 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x40000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) [ 590.588713][T16159] raw_sendmsg: syz-executor.5 forgot to set AF_INET. Fix it! 01:53:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:50 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f00000000c0)=[{0x80000006, 0x0, 0x0, 0x8}]}, 0x10) r1 = socket$inet6(0xa, 0x3, 0x40) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r1, &(0x7f000000ac80), 0x66, 0x0) 01:53:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:50 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) chdir(0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x208200) sendmsg(r0, &(0x7f0000000240)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @link_local, 'vlan1\x00'}}, 0x80, 0x0, 0x0, 0x0, 0x100}, 0x20008041) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) 01:53:50 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) [ 591.307491][ T33] audit: type=1804 audit(1595296430.886:548): pid=16192 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir006967905/syzkaller.ixiaIF/213/bus" dev="sda1" ino=15829 res=1 01:53:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = openat$null(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f00000001c0)={0x0, 0x9, 0xa4, &(0x7f0000000180)=0x800}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x200, 0x0, 0x20}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x8) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file1\x00', 0x8, 0x1) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2026c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x8000000200036150, 0x200800007b, 0x0, 0x0, 0x0, 0x10000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='rpc_pipefs\x00', 0x2008480, &(0x7f000000a000)) 01:53:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004ca]}) pipe(0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@dev, @in=@loopback}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000180)={'ip6gre0\x00', 0x0}) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000005040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000005240)) sendmmsg(r2, &(0x7f0000007f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)="9f", 0x2bf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}], 0x127ad, 0x0) [ 592.511795][T16218] rpc_pipefs: Unknown parameter '' 01:53:52 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') openat(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ppoll(&(0x7f0000000140)=[{}, {r2}], 0x2, &(0x7f00000001c0)={0x0, r3+30000000}, 0x0, 0x0) mount(0x0, 0x0, &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') 01:53:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:52 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:52 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)=""/70, 0x46}], 0x1, 0x5) perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) 01:53:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004ca]}) pipe(0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in=@dev, @in=@loopback}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000180)={'ip6gre0\x00', 0x0}) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000005040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000005240)) sendmmsg(r2, &(0x7f0000007f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)="9f", 0x2bf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}], 0x127ad, 0x0) [ 594.254295][ T33] audit: type=1800 audit(1595296433.836:549): pid=16192 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=15829 res=0 01:53:54 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x42, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) syncfs(0xffffffffffffffff) ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, 0x0) 01:53:54 executing program 0: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) setuid(0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) mlockall(0x0) 01:53:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:54 executing program 5: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f00000007c0)={0x0, 0x6, &(0x7f00000003c0)}) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0xffffff7f) 01:53:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:54 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x2, 0xcf, 0xf5, 0x0, 0x8, 0x3df}, "", [[]]}, 0x120) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:53:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:54 executing program 2: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) sendmmsg(r0, &(0x7f0000007f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)="9f", 0x2bf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}], 0x127ad, 0x0) 01:53:54 executing program 5: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000012c0)='syz_tun\x00', 0xd4) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) 01:53:55 executing program 4: creat(&(0x7f00000002c0)='./bus\x00', 0x0) 01:53:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) setresgid(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x2, 0x1, 0x0, 0x4}, 0x0) statfs(0x0, &(0x7f0000000340)=""/102) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x40000000011, r1, 0x6980b000) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x6100) write$cgroup_type(r2, &(0x7f0000000200)='threaded\x00', 0x175d900f) 01:53:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) syz_open_pts(r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:55 executing program 0: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x4d) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec8}}], 0x4000000000002c5, 0x2, 0x0) 01:53:55 executing program 2: socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1c891}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) socket(0x100000000018, 0x0, 0x3) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24004040, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x84003ff) recvmmsg(0xffffffffffffffff, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000001cc0)=[{0x0}, {0x0}, {&(0x7f0000001940)=""/77, 0x4d}, {0x0}, {&(0x7f0000001ac0)=""/3, 0x3}, {&(0x7f0000001bc0)=""/201, 0xc9}], 0x6}, 0xf8}], 0x1, 0x10002, 0x0) 01:53:55 executing program 4: symlink(&(0x7f0000000200)='./file0/../file0/file0\x00', &(0x7f00000001c0)='./file0\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0x0, 0x0}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) execve(0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x4a, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0/../file0/file0\x00'}, 0x32, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 01:53:55 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000400)='net/raw\x00') setsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f00000002c0)="87922e1baef8528224b757fd3aa66889cb68829077bd726da1a83d4cce586d19211e02ea1217e0ddae3e15fbc6b4e71eb259e06ef7c3fa619c1fd865d265da677bdb4e9192738bf2c379a40254b81591226b557cf82878e178ad3406586f7096e5df01dee795e1101e4f17d1570fc6c7", 0x70) syz_open_procfs(0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000007, 0x12, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') shutdown(0xffffffffffffffff, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x1, 0x400, 0x0, 0xfffffffffffffff4}) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='wg2\x00', 0x4) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000001c0), 0x4) sendfile(r2, r1, 0x0, 0x20000000000000d8) 01:53:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:56 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141403}}, 0x1c) 01:53:56 executing program 4: r0 = socket$inet6(0x10, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000019001f", 0x7, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="fd20000015", 0x2e, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 01:53:56 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) mlockall(0x0) 01:53:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) syncfs(0xffffffffffffffff) ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) 01:53:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:56 executing program 2: sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="94033204", @ANYRES16=0x0, @ANYBLOB="0000000000000000000010000000080026000000000075038000927c0f88bcba2fc093be5d9c9c0c99f6061d8d63e5c9187df8a0aca90b6c96124413fde417d42be6a98c8945be018bd988974ac102a1c573cbb62e3e39bbcf7ec7b7e817eb8b0b14b82af666701a07ea69ee6f82a576d31eeda26e9f83344c8cf178920c3a13b1b3019e0b48a4c4bf335dad3aeadfcd200081a488db2be88d0ad3fd8f0f15ed1cbeee490ef2e60ea49bffdd06416c4bf034c6d5cb6e857b1295cd9ac09e921d1f415fd7d0e77e7c9496b8c2c523a3d9209b5d93fa8797b1513868aa56f07894265e2ce7e8d6c89cdf5ff1e6e8a8eb84491eb762010f2a22b1d587191a2dbcecb1e9dffb70b5a80bfe2ae81ef4fb2ad87ae2b54d5d3173fc7455055409bdac432924407953db3806ec323ddd2a45d421fd2d74fc82eb9a1d729d5ac44acf0c526ea4e5f5ab7aa2cea2a96481723290de87dbe2ce0c8c7bc4759b8e4009d0414983b8b306e045021bff84b3e28ab53f2484c151f582fe54bd50981e8c72745a15944f7a84df632ed2c7819df3560d080391fbbe6ec420d9b612315556131bb71e94467c02df1ed4b85909ca978994dc175d935df3d7eb03a71f15824c421fd524dfd21a912511bfe9351e89cfc859f5e7b4894c279d1218b825226cf55289874863b24b69aefdd84e1f00d35fd0e1abe13ff4c44ff8fea65ca7494e46da3d0b74dcc538f1c7ec0dcdd5c81259a1ea917ccd88b0797758d6ceecd160498ecb534ab84ea2a73cdb6f75138bb8a9557027cffb37c3dc8aeeac9f990060c691c21ce65e04eb22b66d1dad7174ed91fb588089d6118b9cde05dc2da3a14d58efa7627776c08c9e927b55deb8be55cae7cca266b57a3ccd023c5cb1c79201c36b47706ee51780af911e0bedb357b5abef573e73938cf0272eebcfc5e50b959bd76ee133e93a8847b4822164909bc99f1716bd7d9260fdaa4119d9a43721c0b2ae751fe72c16be545a48060a928804f2cfe895a943cd748830a9450b7527961bdb036da79bb528576f41d7d8eb83d0a7e03156a849e556d344d9e56558f3fd636fe5cec8a02d3ed241de0d4af7a62754874688fca8a39b03604d671f63a262d3f73307b0be2d608161f5d46b64a593266d31a474e515e29d2ed48dc0ae7c350e9ace044e2e281eacb3538b8bfe8be7486e7c4765041667ed31e090cf82f88e07beb8453172b50cfc518711da578cc041541a7fdc5a2c0de9cf0578ca33bd125f87930fcb8af6f490a83a4349e40470"], 0x394}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000800)='mptcp_pm\x00') r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x3, 0x0, 0x0, &(0x7f0000000800)}) 01:53:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) syz_open_pts(r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:53:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 01:53:57 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c010000100013070000000000000000fc020000000000000000000000000000ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000000ff0f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29"], 0x15c}}, 0x0) [ 597.728012][T16372] netlink: 8155 bytes leftover after parsing attributes in process `syz-executor.4'. 01:53:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:53:57 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x108, 0x2, 0x0, 0xf5, 0x207, 0x0, 0x0, 0x74}, "", [[]]}, 0x120) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)=""/70, 0x46}], 0x1, 0x5) perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) [ 598.261951][T16387] kvm: pic: single mode not supported 01:53:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x200, 0x0, 0x20}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000c80), 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x8) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file1\x00', 0x8, 0x1) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2026c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x8000000200036150, 0x200800007b, 0x0, 0x0, 0x0, 0x10000001, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='rpc_pipefs\x00', 0x0, &(0x7f000000a000)) 01:53:58 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.cpu_exclusive\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) 01:53:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) syz_open_pts(r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) [ 598.261969][T16387] kvm: pic: level sensitive irq not supported [ 598.423848][T16387] kvm: pic: level sensitive irq not supported [ 598.497998][T16387] kvm: pic: single mode not supported [ 598.547303][T16387] kvm: pic: level sensitive irq not supported 01:53:58 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) [ 598.593578][T16387] kvm: pic: single mode not supported 01:53:58 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0/file0\x00') r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) sendfile(r0, r0, 0x0, 0x8) [ 598.645724][T16387] kvm: pic: level sensitive irq not supported [ 598.693395][T16387] kvm: pic: single mode not supported [ 598.732757][T16387] kvm: pic: level sensitive irq not supported 01:53:58 executing program 4: socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x9759, 0xa2) recvmmsg(r0, &(0x7f0000008880), 0x4000000000005e3, 0x44000102, 0x0) select(0x0, 0x0, &(0x7f0000000080)={0x80, 0xffffffffffffffff, 0x7}, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(0x0) [ 598.784120][T16387] kvm: pic: single mode not supported [ 598.832547][T16387] kvm: pic: level sensitive irq not supported [ 598.877651][T16387] kvm: pic: single mode not supported 01:53:58 executing program 0: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)}) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0xffffff7f) 01:53:58 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:53:58 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:53:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 598.916759][T16387] kvm: pic: level sensitive irq not supported [ 599.317411][T16423] not chained 1100000 origins [ 599.333807][T16423] CPU: 0 PID: 16423 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 599.342458][T16423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 599.352494][T16423] Call Trace: [ 599.355775][T16423] dump_stack+0x1df/0x240 [ 599.360096][T16423] kmsan_internal_chain_origin+0x6f/0x130 [ 599.365817][T16423] ? kmsan_get_metadata+0x4f/0x180 [ 599.370914][T16423] ? kmsan_set_origin_checked+0x95/0xf0 [ 599.376447][T16423] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 599.382501][T16423] ? _copy_from_user+0x15b/0x260 [ 599.387422][T16423] ? kmsan_get_metadata+0x4f/0x180 [ 599.392519][T16423] __msan_chain_origin+0x50/0x90 [ 599.397466][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.402587][T16423] get_compat_msghdr+0x108/0x270 [ 599.407519][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.412016][T16423] ? kmsan_get_metadata+0x11d/0x180 [ 599.417213][T16423] ? idle_cpu+0x9a/0x1d0 [ 599.421452][T16423] ? sysvec_apic_timer_interrupt+0x11e/0x130 [ 599.427426][T16423] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 599.433570][T16423] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 599.439803][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.444477][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.450535][T16423] ? __x32_compat_sys_recvmmsg_time64+0x80/0x80 [ 599.456761][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.462907][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.468097][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.472937][T16423] do_SYSENTER_32+0x73/0x90 [ 599.477451][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.483772][T16423] RIP: 0023:0xf7f4c549 [ 599.487822][T16423] Code: Bad RIP value. [ 599.491873][T16423] RSP: 002b:00000000f5d470cc EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 599.500274][T16423] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020008880 [ 599.508235][T16423] RDX: 00000000000005e3 RSI: 0000000044000102 RDI: 0000000000000000 [ 599.516194][T16423] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 599.524157][T16423] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 599.532113][T16423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 599.540076][T16423] Uninit was stored to memory at: [ 599.545088][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.550803][T16423] __msan_chain_origin+0x50/0x90 [ 599.555738][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.560842][T16423] get_compat_msghdr+0x108/0x270 [ 599.565775][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.570263][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.574922][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.580970][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.587104][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.592296][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.597127][T16423] do_SYSENTER_32+0x73/0x90 [ 599.601619][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.607920][T16423] [ 599.610227][T16423] Uninit was stored to memory at: [ 599.615236][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.620937][T16423] __msan_chain_origin+0x50/0x90 [ 599.625865][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.630963][T16423] get_compat_msghdr+0x108/0x270 [ 599.635888][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.640372][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.645032][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.651081][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.657217][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.662401][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.667236][T16423] do_SYSENTER_32+0x73/0x90 [ 599.671723][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.678034][T16423] [ 599.680349][T16423] Uninit was stored to memory at: [ 599.685378][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.691099][T16423] __msan_chain_origin+0x50/0x90 [ 599.696021][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.701117][T16423] get_compat_msghdr+0x108/0x270 [ 599.706037][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.710633][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.715293][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.721342][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.727480][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.732666][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.737501][T16423] do_SYSENTER_32+0x73/0x90 [ 599.741987][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.748288][T16423] [ 599.750607][T16423] Uninit was stored to memory at: [ 599.755638][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.761352][T16423] __msan_chain_origin+0x50/0x90 [ 599.766291][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.771400][T16423] get_compat_msghdr+0x108/0x270 [ 599.776323][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.780812][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.785472][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.791518][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.797658][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.802860][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.807699][T16423] do_SYSENTER_32+0x73/0x90 [ 599.812191][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.818496][T16423] [ 599.820804][T16423] Uninit was stored to memory at: [ 599.825813][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.831515][T16423] __msan_chain_origin+0x50/0x90 [ 599.836436][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.841531][T16423] get_compat_msghdr+0x108/0x270 [ 599.846453][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.851040][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.855717][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.861872][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.868019][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.873296][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.878132][T16423] do_SYSENTER_32+0x73/0x90 [ 599.882620][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.888921][T16423] [ 599.891229][T16423] Uninit was stored to memory at: [ 599.896237][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.901938][T16423] __msan_chain_origin+0x50/0x90 [ 599.906859][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.911951][T16423] get_compat_msghdr+0x108/0x270 [ 599.916876][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.921362][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.926022][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 599.932069][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 599.938204][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 599.943557][T16423] do_fast_syscall_32+0x6b/0xd0 [ 599.948388][T16423] do_SYSENTER_32+0x73/0x90 [ 599.952876][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 599.959177][T16423] [ 599.961485][T16423] Uninit was stored to memory at: [ 599.966493][T16423] kmsan_internal_chain_origin+0xad/0x130 [ 599.972202][T16423] __msan_chain_origin+0x50/0x90 [ 599.977124][T16423] __get_compat_msghdr+0x5be/0x890 [ 599.982222][T16423] get_compat_msghdr+0x108/0x270 [ 599.987143][T16423] do_recvmmsg+0xa6a/0x1ee0 [ 599.991628][T16423] __sys_recvmmsg+0x4ca/0x510 [ 599.996284][T16423] __se_compat_sys_recvmmsg_time32+0xfb/0x120 [ 600.002330][T16423] __ia32_compat_sys_recvmmsg_time32+0x62/0x80 [ 600.008465][T16423] __do_fast_syscall_32+0x2aa/0x400 [ 600.013648][T16423] do_fast_syscall_32+0x6b/0xd0 [ 600.018480][T16423] do_SYSENTER_32+0x73/0x90 [ 600.022964][T16423] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 600.029266][T16423] [ 600.031749][T16423] Local variable ----msg_sys@do_recvmmsg created at: [ 600.038409][T16423] do_recvmmsg+0xc5/0x1ee0 [ 600.042806][T16423] do_recvmmsg+0xc5/0x1ee0 01:53:59 executing program 0: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) sendmmsg(r0, &(0x7f0000007f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)="9f", 0x2bf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}], 0x127ad, 0x0) 01:53:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) dup3(0xffffffffffffffff, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:54:00 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 01:54:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:54:00 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x2120, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r0) fstatfs(r0, &(0x7f0000000640)=""/236) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) syncfs(r1) 01:54:00 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)={{0x108, 0x2, 0x0, 0xf5, 0x207, 0x0, 0x0, 0x74}, "", [[]]}, 0x120) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)=""/70, 0x46}], 0x1, 0x5) 01:54:00 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @local, 0x1}, 0x10) 01:54:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201, 0x0, 0x4c8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:54:01 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 01:54:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000001c0)={0x0, 0x9, 0xa4, &(0x7f0000000180)=0x800}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x8) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file1\x00', 0x8, 0x1) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2026c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x8000000200036150, 0x200800007b, 0x0, 0x0, 0x0, 0x10000001, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='rpc_pipefs\x00', 0x2008480, &(0x7f000000a000)) 01:54:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) dup3(0xffffffffffffffff, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:54:01 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$getflags(r0, 0x1) 01:54:01 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)=@file={0x0, './file0/../file0\x00'}, 0x6e) 01:54:01 executing program 0: mknod(&(0x7f0000000040)='./bus\x00', 0x2080008002, 0x28ad) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 01:54:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 601.896131][T16489] rpc_pipefs: Unknown parameter '' 01:54:01 executing program 2: r0 = socket(0x18, 0x1, 0x0) getsockopt(r0, 0x29, 0x11, 0x0, 0x0) 01:54:01 executing program 4: r0 = socket(0x2, 0x3, 0x0) getsockopt$sock_timeval(r0, 0xffff, 0x100c, 0x0, 0x0) 01:54:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') rename(&(0x7f0000001100)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00') 01:54:01 executing program 5: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) dup(0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x4) listen(0xffffffffffffffff, 0x0) 01:54:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000f4020000cc000000cc000000cc010000cc0100000000000060020000600200006002000060020000600200000400000000000000ac1e00010000000000000000000000007665746830000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000cc0020000000000000000000000000000000000000005c00484d41524b0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000001000000000000000000000000000000000000000000000000000000000000000810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc0000010000000000000000000000000000000800000000480069707673000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240073746174650000000000000000000000000000000000000000000000000000000000240052454a4543540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700094000000000000000000000000000000000000000000240052454a4543540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700094000000000000000000000000000000000000000000240000000000000000000000000000000000000000cf00000000080000000000feffffff"], 0x1) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r1, &(0x7f0000000240)={@void, @val, @mpls={[], @ipv4=@icmp={{0x8, 0x4, 0x0, 0x0, 0x1002, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @remote={0xac, 0x14, 0x8}}, @timestamp}}}, 0x100c) 01:54:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 602.583135][T16521] x_tables: duplicate underflow at hook 2 01:54:02 executing program 2: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="552968034bfa", @dev, @void, {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x0, @multicast, @remote, @dev, @local}}}}, 0x0) 01:54:02 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xe847, 0x0, "0100002789361c00"}) dup3(0xffffffffffffffff, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) 01:54:02 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x0, 0xf00}}) 01:54:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 603.166817][T16521] x_tables: duplicate underflow at hook 2 01:54:02 executing program 2: syz_emit_ethernet(0x26, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x7, 0x4, 0x4}]}}}}}}, 0x0) 01:54:03 executing program 4: mknod(&(0x7f0000000040)='./bus\x00', 0x8000, 0x6b2) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) readv(r0, &(0x7f00000021c0)=[{&(0x7f0000000080)=""/5, 0x5}], 0x1) 01:54:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:54:03 executing program 4: r0 = socket(0x2, 0x3, 0x0) getsockname$unix(r0, 0x0, 0x0) 01:54:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0002000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400070f56900f4c178a3a77baff0500", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xe27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff1}}, [@filter_kind_options=@f_bpf={{0x8, 0x1, 'bpf\x00'}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6}]}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}]}}]}, 0x4c}}, 0x0) 01:54:03 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000000)="e6", 0x1, 0x0, 0x0, 0x0) 01:54:03 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x2, 0x0) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x61) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz1\x00', {}, 0x41}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15, 0x61}, 0xfe4f) 01:54:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0x13) [ 604.036931][T16571] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 01:54:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 604.254546][T16584] input: syz1 as /devices/virtual/input/input5 [ 604.497863][T16597] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 01:54:04 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0x37) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000040)='+\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r2, &(0x7f0000000c40)=ANY=[], 0xff67) socket(0x10, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000240)={0x6, 'lo\x00', {}, 0x2}) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x8) [ 604.546181][T16584] input: syz1 as /devices/virtual/input/input6 01:54:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000201]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:54:04 executing program 0: r0 = socket$inet6(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000000040)="900000001c001f4d154a817393278bff0a808f78020000006c36710014000100ac1414bb0542d6401051a2d708f37ac8da1a29760099c5ac0000c5b068d0bf47d3234565778d8757006113ffaf6c3efed495a46215be0000766426c0c80cef41d7891664969270b6507022d28581d158ba86c9d2896c342a033a0000000b001500de1df32c1739d7fbee9aa2417318e9", 0x90, 0x0, 0x0, 0x0) 01:54:04 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/packet\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r1, r0, 0x0, 0x80000002) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/netlink\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000000c0)="0000000000800000", 0x8) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) [ 604.878264][T16571] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 01:54:04 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000240)={0xa, 0x4e25, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0) [ 605.072636][T16618] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. [ 605.094769][T16617] ===================================================== [ 605.101751][T16617] BUG: KMSAN: uninit-value in selinux_netlink_send+0x413/0xba0 [ 605.109309][T16617] CPU: 1 PID: 16617 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 605.117977][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.128034][T16617] Call Trace: [ 605.131324][T16617] dump_stack+0x1df/0x240 [ 605.135653][T16617] kmsan_report+0xf7/0x1e0 [ 605.140064][T16617] __msan_warning+0x58/0xa0 [ 605.144554][T16617] selinux_netlink_send+0x413/0xba0 [ 605.149748][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.154944][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.160140][T16617] ? selinux_vm_enough_memory+0x1a0/0x1a0 [ 605.166017][T16617] security_netlink_send+0xef/0x1e0 [ 605.171209][T16617] netlink_sendmsg+0x1008/0x14d0 [ 605.176149][T16617] ? netlink_getsockopt+0x1440/0x1440 [ 605.181507][T16617] kernel_sendmsg+0x433/0x440 [ 605.186177][T16617] sock_no_sendpage+0x235/0x300 [ 605.191026][T16617] ? sock_no_mmap+0x30/0x30 [ 605.195515][T16617] sock_sendpage+0x1e1/0x2c0 [ 605.200099][T16617] pipe_to_sendpage+0x38c/0x4c0 [ 605.204939][T16617] ? sock_fasync+0x250/0x250 [ 605.209524][T16617] __splice_from_pipe+0x565/0xf00 [ 605.214536][T16617] ? generic_splice_sendpage+0x2d0/0x2d0 [ 605.220167][T16617] generic_splice_sendpage+0x1d5/0x2d0 [ 605.225617][T16617] ? iter_file_splice_write+0x1800/0x1800 [ 605.231322][T16617] direct_splice_actor+0x1fd/0x580 [ 605.236423][T16617] ? kmsan_get_metadata+0x4f/0x180 [ 605.241524][T16617] splice_direct_to_actor+0x6b2/0xf50 [ 605.246884][T16617] ? do_splice_direct+0x580/0x580 [ 605.251911][T16617] do_splice_direct+0x342/0x580 [ 605.256756][T16617] do_sendfile+0x101b/0x1d40 [ 605.261349][T16617] __se_compat_sys_sendfile+0x301/0x3c0 [ 605.266889][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.272074][T16617] ? __ia32_sys_sendfile64+0x70/0x70 [ 605.277345][T16617] __ia32_compat_sys_sendfile+0x56/0x70 [ 605.282883][T16617] __do_fast_syscall_32+0x2aa/0x400 [ 605.288073][T16617] do_fast_syscall_32+0x6b/0xd0 [ 605.292912][T16617] do_SYSENTER_32+0x73/0x90 [ 605.297403][T16617] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 605.303711][T16617] RIP: 0023:0xf7f4c549 [ 605.307757][T16617] Code: Bad RIP value. [ 605.311803][T16617] RSP: 002b:00000000f5d470cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 605.320197][T16617] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 605.328164][T16617] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000 [ 605.340206][T16617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 605.348158][T16617] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 605.356114][T16617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 605.364077][T16617] [ 605.366384][T16617] Uninit was stored to memory at: [ 605.371395][T16617] kmsan_internal_chain_origin+0xad/0x130 [ 605.377094][T16617] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 605.383052][T16617] kmsan_memcpy_metadata+0xb/0x10 [ 605.388058][T16617] __msan_memcpy+0x43/0x50 [ 605.392458][T16617] _copy_from_iter_full+0xbfe/0x13b0 [ 605.397728][T16617] netlink_sendmsg+0xfaa/0x14d0 [ 605.402560][T16617] kernel_sendmsg+0x433/0x440 [ 605.407217][T16617] sock_no_sendpage+0x235/0x300 [ 605.412062][T16617] sock_sendpage+0x1e1/0x2c0 [ 605.416647][T16617] pipe_to_sendpage+0x38c/0x4c0 [ 605.421480][T16617] __splice_from_pipe+0x565/0xf00 [ 605.426487][T16617] generic_splice_sendpage+0x1d5/0x2d0 [ 605.431927][T16617] direct_splice_actor+0x1fd/0x580 [ 605.437020][T16617] splice_direct_to_actor+0x6b2/0xf50 [ 605.442376][T16617] do_splice_direct+0x342/0x580 [ 605.447215][T16617] do_sendfile+0x101b/0x1d40 [ 605.451790][T16617] __se_compat_sys_sendfile+0x301/0x3c0 [ 605.457313][T16617] __ia32_compat_sys_sendfile+0x56/0x70 [ 605.462840][T16617] __do_fast_syscall_32+0x2aa/0x400 [ 605.468021][T16617] do_fast_syscall_32+0x6b/0xd0 [ 605.472851][T16617] do_SYSENTER_32+0x73/0x90 [ 605.477339][T16617] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 605.483637][T16617] [ 605.485943][T16617] Uninit was created at: [ 605.490168][T16617] kmsan_save_stack_with_flags+0x3c/0x90 [ 605.495781][T16617] kmsan_alloc_page+0xb9/0x180 [ 605.500524][T16617] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 605.506053][T16617] alloc_pages_current+0x672/0x990 [ 605.511143][T16617] push_pipe+0x605/0xb70 [ 605.515366][T16617] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 605.521069][T16617] do_splice_to+0x4fc/0x14f0 [ 605.525642][T16617] splice_direct_to_actor+0x45c/0xf50 [ 605.530996][T16617] do_splice_direct+0x342/0x580 [ 605.535827][T16617] do_sendfile+0x101b/0x1d40 [ 605.540400][T16617] __se_compat_sys_sendfile+0x301/0x3c0 [ 605.545925][T16617] __ia32_compat_sys_sendfile+0x56/0x70 [ 605.551450][T16617] __do_fast_syscall_32+0x2aa/0x400 [ 605.556631][T16617] do_fast_syscall_32+0x6b/0xd0 [ 605.561464][T16617] do_SYSENTER_32+0x73/0x90 [ 605.565958][T16617] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 605.572257][T16617] ===================================================== [ 605.579167][T16617] Disabling lock debugging due to kernel taint [ 605.585298][T16617] Kernel panic - not syncing: panic_on_warn set ... [ 605.591870][T16617] CPU: 1 PID: 16617 Comm: syz-executor.4 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 605.601919][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.611962][T16617] Call Trace: [ 605.615252][T16617] dump_stack+0x1df/0x240 [ 605.619573][T16617] panic+0x3d5/0xc3e [ 605.623482][T16617] kmsan_report+0x1df/0x1e0 [ 605.627978][T16617] __msan_warning+0x58/0xa0 [ 605.632472][T16617] selinux_netlink_send+0x413/0xba0 [ 605.637668][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.642856][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.648048][T16617] ? selinux_vm_enough_memory+0x1a0/0x1a0 [ 605.653749][T16617] security_netlink_send+0xef/0x1e0 [ 605.658938][T16617] netlink_sendmsg+0x1008/0x14d0 [ 605.663873][T16617] ? netlink_getsockopt+0x1440/0x1440 [ 605.669229][T16617] kernel_sendmsg+0x433/0x440 [ 605.673897][T16617] sock_no_sendpage+0x235/0x300 [ 605.678757][T16617] ? sock_no_mmap+0x30/0x30 [ 605.683263][T16617] sock_sendpage+0x1e1/0x2c0 [ 605.687855][T16617] pipe_to_sendpage+0x38c/0x4c0 [ 605.692696][T16617] ? sock_fasync+0x250/0x250 [ 605.697282][T16617] __splice_from_pipe+0x565/0xf00 [ 605.702292][T16617] ? generic_splice_sendpage+0x2d0/0x2d0 [ 605.707924][T16617] generic_splice_sendpage+0x1d5/0x2d0 [ 605.713374][T16617] ? iter_file_splice_write+0x1800/0x1800 [ 605.719078][T16617] direct_splice_actor+0x1fd/0x580 [ 605.724181][T16617] ? kmsan_get_metadata+0x4f/0x180 [ 605.729290][T16617] splice_direct_to_actor+0x6b2/0xf50 [ 605.734645][T16617] ? do_splice_direct+0x580/0x580 [ 605.739669][T16617] do_splice_direct+0x342/0x580 [ 605.744515][T16617] do_sendfile+0x101b/0x1d40 [ 605.749108][T16617] __se_compat_sys_sendfile+0x301/0x3c0 [ 605.754661][T16617] ? kmsan_get_metadata+0x11d/0x180 [ 605.759865][T16617] ? __ia32_sys_sendfile64+0x70/0x70 [ 605.765175][T16617] __ia32_compat_sys_sendfile+0x56/0x70 [ 605.770714][T16617] __do_fast_syscall_32+0x2aa/0x400 [ 605.775907][T16617] do_fast_syscall_32+0x6b/0xd0 [ 605.780753][T16617] do_SYSENTER_32+0x73/0x90 [ 605.785244][T16617] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 605.791553][T16617] RIP: 0023:0xf7f4c549 [ 605.795595][T16617] Code: Bad RIP value. [ 605.799641][T16617] RSP: 002b:00000000f5d470cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 605.808049][T16617] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 605.816017][T16617] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000 [ 605.823979][T16617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 605.831936][T16617] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 605.839975][T16617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 605.849316][T16617] Kernel Offset: 0x2800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 605.860942][T16617] Rebooting in 86400 seconds..