l$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 595.521674][T12210] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 595.623308][T12219] binder: 12216:12219 ioctl c0306201 0 returned -14 00:11:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 595.780399][T12224] binder: 12216:12224 ioctl c0306201 20000540 returned -14 00:11:22 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 00:11:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) [ 596.425047][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:22 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 00:11:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 596.888130][T12249] binder: 12245:12249 ioctl c0306201 0 returned -14 00:11:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 596.951496][T12258] binder: 12245:12258 ioctl c0306201 20000540 returned -14 [ 596.966801][T12248] kvm_hv_get_msr: 2 callbacks suppressed [ 596.966950][T12248] kvm [12243]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000006 [ 597.157049][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) 00:11:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:23 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 00:11:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 597.570998][T12271] binder: 12269:12271 ioctl c0306201 20000200 returned -14 00:11:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 597.631026][T12275] binder: 12269:12275 ioctl c0306201 20000540 returned -14 00:11:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 597.873593][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 597.894357][T12283] selinux_netlink_send: 5 callbacks suppressed [ 597.894408][T12283] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=12283 comm=syz-executor.3 00:11:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) 00:11:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 598.410548][T12300] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 598.715018][T12313] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=12313 comm=syz-executor.3 [ 598.751887][T12314] binder: 12312:12314 ioctl c0306201 20000200 returned -14 [ 598.855459][T12316] binder: 12312:12316 ioctl c0306201 20000540 returned -14 [ 598.928577][T12319] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 599.008493][T12320] kvm [12309]: vcpu0, guest rIP: 0x135 Hyper-V unhandled rdmsr: 0x40000024 [ 599.017663][T12320] kvm [12309]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000030 00:11:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) socket$inet_udp(0x2, 0x2, 0x0) 00:11:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) socket$inet_udp(0x2, 0x2, 0x0) 00:11:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 599.773197][T12338] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 599.784060][T12340] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=12340 comm=syz-executor.3 00:11:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 600.127705][T12357] binder: 12352:12357 unknown command 0 [ 600.133517][T12357] binder: 12352:12357 ioctl c0306201 20000200 returned -22 00:11:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:26 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) [ 600.190726][T12358] binder: 12352:12358 ioctl c0306201 20000540 returned -14 [ 600.519533][T12372] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 600.597508][T12372] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) socket$inet_udp(0x2, 0x2, 0x0) 00:11:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:27 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) [ 600.736107][T12386] binder: 12383:12386 unknown command 0 [ 600.742260][T12386] binder: 12383:12386 ioctl c0306201 20000200 returned -22 00:11:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 600.844991][T12387] binder: 12383:12387 ioctl c0306201 20000540 returned -14 00:11:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 601.301617][T12393] kvm [12392]: vcpu0, guest rIP: 0x135 Hyper-V unhandled rdmsr: 0x40000024 [ 601.354635][T12400] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 601.392154][T12400] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:27 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) 00:11:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 601.893330][T12417] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 601.964025][T12422] binder: 12418:12422 unknown command 0 [ 601.969884][T12422] binder: 12418:12422 ioctl c0306201 20000200 returned -22 [ 602.065896][T12424] binder: 12418:12424 ioctl c0306201 20000540 returned -14 00:11:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 602.237665][T12433] debugfs: Directory 'vcpu0' with parent '12433-4' already present! 00:11:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 602.875496][T12448] __nla_validate_parse: 1 callbacks suppressed [ 602.875528][T12448] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 602.951573][T12452] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 603.466866][T12470] binder: 12468:12470 unknown command 0 [ 603.472792][T12470] binder: 12468:12470 ioctl c0306201 20000200 returned -22 00:11:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 603.669715][T12473] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 603.682576][T12470] binder: 12468:12470 ioctl c0306201 20000540 returned -14 [ 603.722680][T12475] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 604.327522][T12499] binder: 12490:12499 unknown command 0 [ 604.333473][T12499] binder: 12490:12499 ioctl c0306201 20000200 returned -22 00:11:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 604.393472][T12500] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 604.407249][T12501] binder: 12490:12501 ioctl c0306201 20000540 returned -14 00:11:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 604.631675][T12500] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 604.936100][T12514] binder: 12513:12514 unknown command 0 [ 604.942055][T12514] binder: 12513:12514 ioctl c0306201 20000200 returned -22 00:11:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 605.010434][T12517] binder: 12513:12517 ioctl c0306201 20000540 returned -14 00:11:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(0xffffffffffffffff, r1, 0x0) dup2(r3, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 605.342399][T12524] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, 0x0, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 605.832319][T12532] debugfs: Directory 'vcpu0' with parent '12532-4' already present! [ 606.047070][T12545] binder: 12529:12545 unknown command 25348 [ 606.053385][T12545] binder: 12529:12545 ioctl c0306201 20000200 returned -22 [ 606.081706][T12549] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 606.098876][T12550] binder: 12529:12550 ioctl c0306201 20000540 returned -14 00:11:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 606.473794][T12555] debugfs: Directory 'vcpu0' with parent '12555-4' already present! [ 606.525952][T12558] debugfs: Directory 'vcpu0' with parent '12555-4' already present! [ 606.542727][T12559] binder: 12557:12559 unknown command 25348 [ 606.548959][T12559] binder: 12557:12559 ioctl c0306201 20000200 returned -22 [ 606.603983][T12564] binder: 12557:12564 ioctl c0306201 20000540 returned -14 00:11:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, 0x0, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(0xffffffffffffffff, r1, 0x0) dup2(r3, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 606.848084][T12569] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:33 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, 0x0, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 607.524605][T12588] binder: 12581:12588 unknown command 25348 [ 607.531668][T12588] binder: 12581:12588 ioctl c0306201 20000200 returned -22 [ 607.580347][T12592] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 607.617463][T12596] binder: 12581:12596 ioctl c0306201 20000540 returned -14 00:11:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(0xffffffffffffffff, r1, 0x0) dup2(r3, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:34 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 608.179620][T12621] __nla_validate_parse: 1 callbacks suppressed [ 608.179661][T12621] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 608.242417][T12628] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 608.383283][T12632] binder: 12623:12632 unknown command 287492 [ 608.389585][T12632] binder: 12623:12632 ioctl c0306201 20000200 returned -22 [ 608.478559][T12635] binder: 12623:12635 ioctl c0306201 20000540 returned -14 00:11:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r1, 0x0) dup2(r3, 0xffffffffffffffff) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 00:11:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 00:11:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 609.008263][T12656] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 609.206361][T12659] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:35 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r1, 0x0) dup2(r3, 0xffffffffffffffff) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 609.767873][ C1] not chained 330000 origins [ 609.772538][ C1] CPU: 1 PID: 8818 Comm: sshd Not tainted 5.6.0-rc7-syzkaller #0 [ 609.780269][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.790340][ C1] Call Trace: [ 609.793639][ C1] [ 609.796529][ C1] dump_stack+0x1c9/0x220 [ 609.800919][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 609.806666][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 609.812836][ C1] ? __msan_chain_origin+0x50/0x90 [ 609.817966][ C1] ? __skb_clone+0x863/0x970 [ 609.822574][ C1] ? skb_clone+0x404/0x5d0 [ 609.827014][ C1] ? br_flood+0xd14/0xf90 [ 609.831365][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 609.837104][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 609.842243][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 609.848512][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 609.854088][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 609.859329][ C1] ? br_handle_frame+0xcd2/0x2050 [ 609.864781][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 609.870710][ C1] ? process_backlog+0x936/0x1410 [ 609.875760][ C1] ? net_rx_action+0x786/0x1aa0 [ 609.880630][ C1] ? __do_softirq+0x311/0x83d [ 609.885335][ C1] ? do_softirq_own_stack+0x49/0x80 [ 609.890556][ C1] ? __local_bh_enable_ip+0x184/0x1d0 [ 609.895957][ C1] ? local_bh_enable+0x36/0x40 [ 609.900751][ C1] ? ip_finish_output2+0x2115/0x2610 [ 609.906061][ C1] ? __ip_finish_output+0x7fe/0xd80 [ 609.911287][ C1] ? ip_finish_output+0x166/0x410 [ 609.916329][ C1] ? ip_output+0x593/0x680 [ 609.920877][ C1] ? __ip_queue_xmit+0x1b5c/0x21a0 [ 609.926011][ C1] ? ip_queue_xmit+0xcc/0xf0 [ 609.930629][ C1] ? __tcp_transmit_skb+0x439c/0x6090 [ 609.936031][ C1] ? tcp_write_xmit+0x30e1/0xb470 [ 609.941080][ C1] ? __tcp_push_pending_frames+0x124/0x4e0 [ 609.946911][ C1] ? tcp_push+0x6fa/0x8a0 [ 609.951387][ C1] ? tcp_sendmsg_locked+0x5d89/0x6d00 [ 609.956787][ C1] ? tcp_sendmsg+0xb2/0x100 [ 609.963672][ C1] ? inet_sendmsg+0x178/0x2e0 [ 609.968413][ C1] ? sock_write_iter+0x606/0x6d0 [ 609.973384][ C1] ? __vfs_write+0xa5a/0xca0 [ 609.978003][ C1] ? vfs_write+0x44a/0x8f0 [ 609.982467][ C1] ? ksys_write+0x267/0x450 [ 609.987014][ C1] ? __se_sys_write+0x92/0xb0 [ 609.991716][ C1] ? __x64_sys_write+0x4a/0x70 [ 609.996502][ C1] ? do_syscall_64+0xb8/0x160 [ 610.001201][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.007312][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 610.013625][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.018860][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 610.024461][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.029697][ C1] __msan_chain_origin+0x50/0x90 [ 610.034696][ C1] __skb_clone+0x939/0x970 [ 610.039161][ C1] skb_clone+0x404/0x5d0 [ 610.043469][ C1] br_flood+0xd14/0xf90 [ 610.047718][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.053350][ C1] ? brport_get_ownership+0xf0/0xf0 [ 610.058578][ C1] ? brport_get_ownership+0xf0/0xf0 [ 610.063808][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.068825][ C1] ? brport_get_ownership+0xf0/0xf0 [ 610.074155][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.080251][ C1] ? brport_get_ownership+0xf0/0xf0 [ 610.085520][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.090951][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 610.096535][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.101635][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.106881][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 610.112023][ C1] br_handle_frame+0xcd2/0x2050 [ 610.116946][ C1] ? brport_get_ownership+0xf0/0xf0 [ 610.122173][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 610.127217][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.133189][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 610.138502][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 610.143663][ C1] process_backlog+0x936/0x1410 [ 610.148571][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 610.154610][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 610.160317][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 610.165644][ C1] net_rx_action+0x786/0x1aa0 [ 610.170413][ C1] ? net_tx_action+0xc30/0xc30 [ 610.175219][ C1] __do_softirq+0x311/0x83d [ 610.179781][ C1] do_softirq_own_stack+0x49/0x80 [ 610.184815][ C1] [ 610.187777][ C1] __local_bh_enable_ip+0x184/0x1d0 [ 610.193025][ C1] local_bh_enable+0x36/0x40 [ 610.197649][ C1] ip_finish_output2+0x2115/0x2610 [ 610.202792][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 610.208884][ C1] ? nf_ct_deliver_cached_events+0x511/0x6c0 [ 610.214889][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.220179][ C1] __ip_finish_output+0x7fe/0xd80 [ 610.225288][ C1] ip_finish_output+0x166/0x410 [ 610.230198][ C1] ip_output+0x593/0x680 [ 610.234500][ C1] ? ip_mc_finish_output+0x6c0/0x6c0 [ 610.239811][ C1] ? ip_finish_output+0x410/0x410 [ 610.244855][ C1] __ip_queue_xmit+0x1b5c/0x21a0 [ 610.249818][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 610.255401][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.260652][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.265889][ C1] ip_queue_xmit+0xcc/0xf0 [ 610.270342][ C1] ? tcp_v4_fill_cb+0x580/0x580 [ 610.275239][ C1] __tcp_transmit_skb+0x439c/0x6090 [ 610.280465][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 610.285756][ C1] tcp_write_xmit+0x30e1/0xb470 [ 610.290693][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 610.296649][ C1] __tcp_push_pending_frames+0x124/0x4e0 [ 610.302330][ C1] tcp_push+0x6fa/0x8a0 [ 610.306558][ C1] tcp_sendmsg_locked+0x5d89/0x6d00 [ 610.311944][ C1] tcp_sendmsg+0xb2/0x100 [ 610.316310][ C1] ? tcp_sendmsg_locked+0x6d00/0x6d00 [ 610.321702][ C1] ? tcp_sendmsg_locked+0x6d00/0x6d00 [ 610.327101][ C1] inet_sendmsg+0x178/0x2e0 [ 610.331654][ C1] ? inet_send_prepare+0x600/0x600 [ 610.336791][ C1] ? inet_send_prepare+0x600/0x600 [ 610.341928][ C1] sock_write_iter+0x606/0x6d0 [ 610.346887][ C1] ? sock_read_iter+0x700/0x700 [ 610.351772][ C1] __vfs_write+0xa5a/0xca0 [ 610.356277][ C1] vfs_write+0x44a/0x8f0 [ 610.360578][ C1] ksys_write+0x267/0x450 [ 610.364968][ C1] __se_sys_write+0x92/0xb0 [ 610.369517][ C1] __x64_sys_write+0x4a/0x70 [ 610.374138][ C1] do_syscall_64+0xb8/0x160 [ 610.378681][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 610.384595][ C1] RIP: 0033:0x7f2aadecc970 [ 610.389053][ C1] Code: 73 01 c3 48 8b 0d 28 d5 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 99 2d 2c 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 7e 9b 01 00 48 89 04 24 [ 610.408688][ C1] RSP: 002b:00007ffc7f4abca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 610.417127][ C1] RAX: ffffffffffffffda RBX: 00000000000007f4 RCX: 00007f2aadecc970 [ 610.425122][ C1] RDX: 00000000000007f4 RSI: 000056180e57a190 RDI: 0000000000000003 [ 610.433111][ C1] RBP: 000056180e55e750 R08: 00007ffc7f519080 R09: 0000000000000070 [ 610.441203][ C1] R10: 0000000000000261 R11: 0000000000000246 R12: 0000000000000001 [ 610.449219][ C1] R13: 00007ffc7f4abd3f R14: 000056180d8fdbe7 R15: 0000000000000003 [ 610.457243][ C1] Uninit was stored to memory at: [ 610.462298][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.468033][ C1] __msan_chain_origin+0x50/0x90 [ 610.472986][ C1] __skb_clone+0x939/0x970 [ 610.477430][ C1] skb_clone+0x404/0x5d0 [ 610.481702][ C1] br_flood+0xa8e/0xf90 [ 610.485875][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.491440][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.496403][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.503631][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.509091][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.514130][ C1] br_handle_frame+0xcd2/0x2050 [ 610.518997][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.524847][ C1] process_backlog+0x936/0x1410 [ 610.530073][ C1] net_rx_action+0x786/0x1aa0 [ 610.534792][ C1] __do_softirq+0x311/0x83d [ 610.539294][ C1] [ 610.541624][ C1] Uninit was stored to memory at: [ 610.546676][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.552427][ C1] __msan_chain_origin+0x50/0x90 [ 610.557377][ C1] __skb_clone+0x939/0x970 [ 610.561794][ C1] skb_clone+0x404/0x5d0 [ 610.566040][ C1] br_flood+0xa8e/0xf90 [ 610.570205][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.575760][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.580719][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.586799][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.592178][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.597211][ C1] br_handle_frame+0xcd2/0x2050 [ 610.602072][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.607806][ C1] process_backlog+0x936/0x1410 [ 610.612695][ C1] net_rx_action+0x786/0x1aa0 [ 610.617384][ C1] __do_softirq+0x311/0x83d [ 610.621887][ C1] [ 610.624216][ C1] Uninit was stored to memory at: [ 610.629278][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.635013][ C1] __msan_chain_origin+0x50/0x90 [ 610.640759][ C1] __skb_clone+0x939/0x970 [ 610.645180][ C1] skb_clone+0x404/0x5d0 [ 610.649433][ C1] br_flood+0xa8e/0xf90 [ 610.653597][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.659154][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.664102][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.670176][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.675563][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.680597][ C1] br_handle_frame+0xcd2/0x2050 [ 610.685472][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.691214][ C1] process_backlog+0x936/0x1410 [ 610.696076][ C1] net_rx_action+0x786/0x1aa0 [ 610.700775][ C1] __do_softirq+0x311/0x83d [ 610.705268][ C1] [ 610.707591][ C1] Uninit was stored to memory at: [ 610.712628][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.718369][ C1] __msan_chain_origin+0x50/0x90 [ 610.723330][ C1] __skb_clone+0x939/0x970 [ 610.727752][ C1] skb_clone+0x404/0x5d0 [ 610.732060][ C1] br_flood+0xa8e/0xf90 [ 610.736228][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.742132][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.749072][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.755152][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.760537][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.765579][ C1] br_handle_frame+0xcd2/0x2050 [ 610.770451][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.776175][ C1] process_backlog+0x936/0x1410 [ 610.781035][ C1] net_rx_action+0x786/0x1aa0 [ 610.785719][ C1] __do_softirq+0x311/0x83d [ 610.790212][ C1] [ 610.792542][ C1] Uninit was stored to memory at: [ 610.797579][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.803491][ C1] __msan_chain_origin+0x50/0x90 [ 610.808440][ C1] __skb_clone+0x939/0x970 [ 610.812871][ C1] skb_clone+0x404/0x5d0 [ 610.817133][ C1] br_flood+0xa8e/0xf90 [ 610.821300][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.826856][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.831809][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.837885][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.843282][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.848320][ C1] br_handle_frame+0xcd2/0x2050 [ 610.853186][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.858917][ C1] process_backlog+0x936/0x1410 [ 610.863870][ C1] net_rx_action+0x786/0x1aa0 [ 610.868663][ C1] __do_softirq+0x311/0x83d [ 610.873165][ C1] [ 610.875495][ C1] Uninit was stored to memory at: [ 610.880532][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.886262][ C1] __msan_chain_origin+0x50/0x90 [ 610.891215][ C1] __skb_clone+0x863/0x970 [ 610.895721][ C1] skb_clone+0x404/0x5d0 [ 610.900165][ C1] br_flood+0xa8e/0xf90 [ 610.904340][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.909905][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.914864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 610.921904][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 610.927412][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 610.932452][ C1] br_handle_frame+0xcd2/0x2050 [ 610.937311][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 610.943151][ C1] process_backlog+0x936/0x1410 [ 610.948024][ C1] net_rx_action+0x786/0x1aa0 [ 610.952722][ C1] __do_softirq+0x311/0x83d [ 610.957226][ C1] [ 610.959560][ C1] Uninit was stored to memory at: [ 610.964617][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 610.970355][ C1] __msan_chain_origin+0x50/0x90 [ 610.975298][ C1] skb_clone+0x486/0x5d0 [ 610.979545][ C1] br_flood+0xa8e/0xf90 [ 610.983714][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 610.989261][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 610.994205][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 611.000275][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 611.005660][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 611.010703][ C1] br_handle_frame+0xcd2/0x2050 [ 611.015566][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 611.021300][ C1] process_backlog+0x936/0x1410 [ 611.026156][ C1] net_rx_action+0x786/0x1aa0 [ 611.030844][ C1] __do_softirq+0x311/0x83d [ 611.035340][ C1] [ 611.037671][ C1] Uninit was created at: [ 611.041926][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 611.047785][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 611.052482][ C1] kmem_cache_alloc+0x711/0xd70 [ 611.057347][ C1] skb_clone+0x328/0x5d0 [ 611.061601][ C1] br_flood+0xa8e/0xf90 [ 611.065773][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 611.071323][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 611.076285][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 611.082392][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 611.087770][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 611.092816][ C1] br_handle_frame+0xcd2/0x2050 [ 611.097684][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 611.103411][ C1] process_backlog+0x936/0x1410 [ 611.108282][ C1] net_rx_action+0x786/0x1aa0 [ 611.112973][ C1] __do_softirq+0x311/0x83d 00:11:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 611.726173][T12689] binder: 12680:12689 unknown command 287492 [ 611.732524][T12689] binder: 12680:12689 ioctl c0306201 20000200 returned -22 [ 611.749387][T12686] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 611.972664][T12693] binder: 12680:12693 ioctl c0306201 20000540 returned -14 [ 611.993038][T12687] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 612.575516][T12715] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 612.591221][T12716] binder: 12713:12716 unknown command 287492 [ 612.597462][T12716] binder: 12713:12716 ioctl c0306201 20000200 returned -22 [ 612.673588][T12720] binder: 12713:12720 ioctl c0306201 20000540 returned -14 [ 612.681668][T12719] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 613.841724][T12749] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 613.906220][T12751] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 614.580425][T12762] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 614.637872][T12766] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:11:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 00:11:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:38 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="046304"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:11:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:11:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r1, 0x0) dup2(r3, 0xffffffffffffffff) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x0, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:42 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 615.860454][T12808] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 615.916298][T12810] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 616.692443][T12839] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:42 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:42 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 00:11:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x0, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:43 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:43 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 00:11:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x0, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 617.367430][T12865] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 617.430886][T12868] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0x0, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:44 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r0, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 618.094367][T12894] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:44 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) 00:11:45 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 00:11:45 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 619.063363][T12921] binder: 12919:12921 ioctl c0306201 20000540 returned -14 [ 619.343136][T12931] __nla_validate_parse: 1 callbacks suppressed [ 619.343168][T12931] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0x0, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:45 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 00:11:45 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 619.421183][T12933] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:11:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) dup2(r2, r0) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0x0, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:11:46 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 619.802598][T12940] binder: 12937:12940 ioctl c0306201 20000540 returned -14 [ 620.169664][T12949] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 620.271159][T12956] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 620.788431][T12967] binder: 12962:12967 ioctl c0306201 20000540 returned -14 00:11:46 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) 00:11:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) dup2(r2, r0) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:46 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(0xffffffffffffffff, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:11:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup3(r1, 0xffffffffffffffff, 0x0) dup2(r2, r0) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:11:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:11:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:11:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(0xffffffffffffffff, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 621.427327][T12984] binder: 12980:12984 ioctl c0306201 0 returned -14 [ 621.481470][T12984] binder: 12980:12984 ioctl c0306201 20000540 returned -14 00:11:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) dup2(r3, r1) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 626.738295][ C1] not chained 340000 origins [ 626.743135][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 626.751502][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.761807][ C1] Call Trace: [ 626.765161][ C1] dump_stack+0x1c9/0x220 [ 626.769903][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 626.775673][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 626.781618][ C1] ? __msan_chain_origin+0x50/0x90 [ 626.787071][ C1] ? __skb_clone+0x863/0x970 [ 626.791696][ C1] ? skb_clone+0x404/0x5d0 [ 626.796242][ C1] ? br_flood+0xa8e/0xf90 [ 626.800695][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 626.806454][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 626.811811][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 626.818495][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 626.824238][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 626.829675][ C1] ? br_handle_frame+0xcd2/0x2050 [ 626.834878][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 626.841923][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 626.848214][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 626.854893][ C1] ? napi_gro_receive+0xae7/0xf90 [ 626.859957][ C1] ? gro_cell_poll+0x24c/0x400 [ 626.864764][ C1] ? net_rx_action+0x786/0x1aa0 [ 626.869765][ C1] ? __do_softirq+0x311/0x83d [ 626.875525][ C1] ? run_ksoftirqd+0x25/0x40 [ 626.880152][ C1] ? smpboot_thread_fn+0x493/0x980 [ 626.885722][ C1] ? kthread+0x4b5/0x4f0 [ 626.890260][ C1] ? ret_from_fork+0x35/0x40 [ 626.895129][ C1] ? skb_clone+0x486/0x5d0 [ 626.899670][ C1] ? br_flood+0xa8e/0xf90 [ 626.905148][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 626.911047][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 626.916297][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 626.922672][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 626.928527][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 626.933995][ C1] ? br_handle_frame+0xcd2/0x2050 [ 626.939064][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 626.944997][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 626.951275][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 626.957958][ C1] ? napi_gro_receive+0xae7/0xf90 [ 626.963027][ C1] ? gro_cell_poll+0x24c/0x400 [ 626.968237][ C1] ? net_rx_action+0x786/0x1aa0 [ 626.973181][ C1] ? __do_softirq+0x311/0x83d [ 626.978048][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 626.984268][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 626.989745][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 626.995365][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 627.000775][ C1] __msan_chain_origin+0x50/0x90 [ 627.005899][ C1] __skb_clone+0x939/0x970 [ 627.010515][ C1] skb_clone+0x404/0x5d0 [ 627.014825][ C1] br_flood+0xa8e/0xf90 [ 627.019193][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.024837][ C1] ? brport_get_ownership+0xf0/0xf0 [ 627.030308][ C1] ? brport_get_ownership+0xf0/0xf0 [ 627.035623][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.041169][ C1] ? brport_get_ownership+0xf0/0xf0 [ 627.046693][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.052892][ C1] ? brport_get_ownership+0xf0/0xf0 [ 627.058336][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.063869][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 627.069543][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.074652][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 627.079886][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 627.085181][ C1] br_handle_frame+0xcd2/0x2050 [ 627.090262][ C1] ? brport_get_ownership+0xf0/0xf0 [ 627.096328][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 627.101528][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.107886][ C1] ? ipv6_gro_receive+0x25e2/0x2960 [ 627.113584][ C1] ? check_preempt_wakeup+0x167/0x15d0 [ 627.119138][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 627.124412][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 627.130525][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 627.135947][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 627.141456][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 627.148788][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 627.154745][ C1] napi_gro_receive+0xae7/0xf90 [ 627.159770][ C1] gro_cell_poll+0x24c/0x400 [ 627.164609][ C1] ? gro_cells_init+0x510/0x510 [ 627.169803][ C1] net_rx_action+0x786/0x1aa0 [ 627.174569][ C1] ? net_tx_action+0xc30/0xc30 [ 627.179395][ C1] __do_softirq+0x311/0x83d [ 627.183977][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 627.189231][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 627.194598][ C1] run_ksoftirqd+0x25/0x40 [ 627.199324][ C1] smpboot_thread_fn+0x493/0x980 [ 627.204611][ C1] kthread+0x4b5/0x4f0 [ 627.209071][ C1] ? cpu_report_death+0x180/0x180 [ 627.214584][ C1] ? kthread_blkcg+0xf0/0xf0 [ 627.219431][ C1] ret_from_fork+0x35/0x40 [ 627.225556][ C1] Uninit was stored to memory at: [ 627.232130][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.238581][ C1] __msan_chain_origin+0x50/0x90 [ 627.243854][ C1] __skb_clone+0x939/0x970 [ 627.248445][ C1] skb_clone+0x404/0x5d0 [ 627.253758][ C1] br_flood+0xa8e/0xf90 [ 627.259858][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.265810][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.273077][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.282514][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.288244][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.293398][ C1] br_handle_frame+0xcd2/0x2050 [ 627.298532][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.304727][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 627.311504][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 627.318461][ C1] napi_gro_receive+0xae7/0xf90 [ 627.323873][ C1] gro_cell_poll+0x24c/0x400 [ 627.328592][ C1] net_rx_action+0x786/0x1aa0 [ 627.334113][ C1] __do_softirq+0x311/0x83d [ 627.338725][ C1] [ 627.341266][ C1] Uninit was stored to memory at: [ 627.346349][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.352563][ C1] __msan_chain_origin+0x50/0x90 [ 627.358278][ C1] __skb_clone+0x939/0x970 [ 627.362732][ C1] skb_clone+0x404/0x5d0 [ 627.368422][ C1] br_flood+0xa8e/0xf90 [ 627.374851][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.383052][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.390017][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.398620][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.406294][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.413258][ C1] br_handle_frame+0xcd2/0x2050 [ 627.420901][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.429577][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 627.438221][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 627.448769][ C1] napi_gro_receive+0xae7/0xf90 [ 627.455365][ C1] gro_cell_poll+0x24c/0x400 [ 627.460832][ C1] net_rx_action+0x786/0x1aa0 [ 627.468296][ C1] __do_softirq+0x311/0x83d [ 627.474569][ C1] [ 627.478152][ C1] Uninit was stored to memory at: [ 627.485238][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.491195][ C1] __msan_chain_origin+0x50/0x90 [ 627.496369][ C1] __skb_clone+0x939/0x970 [ 627.501118][ C1] skb_clone+0x404/0x5d0 [ 627.505895][ C1] br_flood+0xa8e/0xf90 [ 627.511133][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.517237][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.522444][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.528939][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.534540][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.540000][ C1] br_handle_frame+0xcd2/0x2050 [ 627.545080][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.551162][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 627.559253][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 627.568653][ C1] napi_gro_receive+0xae7/0xf90 [ 627.576067][ C1] gro_cell_poll+0x24c/0x400 [ 627.582149][ C1] net_rx_action+0x786/0x1aa0 [ 627.588212][ C1] __do_softirq+0x311/0x83d [ 627.592852][ C1] [ 627.595923][ C1] Uninit was stored to memory at: [ 627.602403][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.609148][ C1] __msan_chain_origin+0x50/0x90 [ 627.614282][ C1] __skb_clone+0x939/0x970 [ 627.619193][ C1] skb_clone+0x404/0x5d0 [ 627.623523][ C1] br_flood+0xa8e/0xf90 [ 627.627831][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.633729][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.639905][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.646223][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.651784][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.656858][ C1] br_handle_frame+0xcd2/0x2050 [ 627.662218][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.668300][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 627.674809][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 627.681271][ C1] napi_gro_receive+0xae7/0xf90 [ 627.686332][ C1] gro_cell_poll+0x24c/0x400 [ 627.691348][ C1] net_rx_action+0x786/0x1aa0 [ 627.696492][ C1] __do_softirq+0x311/0x83d [ 627.701411][ C1] [ 627.705189][ C1] Uninit was stored to memory at: [ 627.710417][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.716261][ C1] __msan_chain_origin+0x50/0x90 [ 627.721376][ C1] pskb_expand_head+0x1750/0x1b00 [ 627.727278][ C1] geneve_build_skb+0x4c0/0xe00 [ 627.733841][ C1] geneve_xmit+0x25a3/0x2c20 [ 627.738639][ C1] dev_hard_start_xmit+0x531/0xab0 [ 627.744341][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 627.749847][ C1] dev_queue_xmit+0x4b/0x60 [ 627.756183][ C1] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 627.762087][ C1] br_nf_dev_queue_xmit+0x693/0x1910 [ 627.768200][ C1] br_nf_post_routing+0x152e/0x17e0 [ 627.773463][ C1] nf_hook_slow+0x16e/0x400 [ 627.780220][ C1] br_forward_finish+0x24a/0x3f0 [ 627.785230][ C1] br_nf_forward_finish+0xf47/0x11a0 [ 627.790545][ C1] br_nf_forward_ip+0x1d4e/0x1f30 [ 627.795941][ C1] nf_hook_slow+0x16e/0x400 [ 627.801566][ C1] __br_forward+0x75c/0xe30 [ 627.806851][ C1] br_flood+0xb0b/0xf90 [ 627.811054][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.817071][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.822137][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.828677][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.834218][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.839441][ C1] br_handle_frame+0xcd2/0x2050 [ 627.844567][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.850451][ C1] process_backlog+0x936/0x1410 [ 627.856535][ C1] net_rx_action+0x786/0x1aa0 [ 627.861372][ C1] __do_softirq+0x311/0x83d [ 627.865900][ C1] [ 627.868374][ C1] Uninit was stored to memory at: [ 627.873430][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.879314][ C1] __msan_chain_origin+0x50/0x90 [ 627.884309][ C1] __skb_clone+0x863/0x970 [ 627.890290][ C1] skb_clone+0x404/0x5d0 [ 627.895118][ C1] br_flood+0xa8e/0xf90 [ 627.899401][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.905261][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.912295][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 627.918412][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 627.924009][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 627.929297][ C1] br_handle_frame+0xcd2/0x2050 [ 627.934284][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 627.940033][ C1] process_backlog+0x936/0x1410 [ 627.945015][ C1] net_rx_action+0x786/0x1aa0 [ 627.949990][ C1] __do_softirq+0x311/0x83d [ 627.954985][ C1] [ 627.957345][ C1] Uninit was stored to memory at: [ 627.962795][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 627.969140][ C1] __msan_chain_origin+0x50/0x90 [ 627.976659][ C1] skb_clone+0x486/0x5d0 [ 627.981237][ C1] br_flood+0xa8e/0xf90 [ 627.985796][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 627.992616][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 627.998175][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 628.004892][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 628.011908][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 628.017302][ C1] br_handle_frame+0xcd2/0x2050 [ 628.022316][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 628.028092][ C1] process_backlog+0x936/0x1410 [ 628.033415][ C1] net_rx_action+0x786/0x1aa0 [ 628.038844][ C1] __do_softirq+0x311/0x83d [ 628.043357][ C1] [ 628.045704][ C1] Uninit was created at: [ 628.049981][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 628.056620][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 628.062881][ C1] kmem_cache_alloc+0x711/0xd70 [ 628.069536][ C1] skb_clone+0x328/0x5d0 [ 628.074287][ C1] br_flood+0xa8e/0xf90 [ 628.078520][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 628.084549][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 628.089966][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 628.096080][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 628.101585][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 628.108669][ C1] br_handle_frame+0xcd2/0x2050 [ 628.113682][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 628.119698][ C1] process_backlog+0x936/0x1410 [ 628.125866][ C1] net_rx_action+0x786/0x1aa0 [ 628.132035][ C1] __do_softirq+0x311/0x83d 00:12:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(0xffffffffffffffff, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) dup2(r3, r1) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:00 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) [ 633.844341][T13006] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 633.928050][T13015] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 634.007973][T13020] binder: 13014:13020 ioctl c0306201 0 returned -14 [ 634.018701][T13020] binder: 13014:13020 ioctl c0306201 20000540 returned -14 00:12:00 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 634.424010][ C0] not chained 350000 origins [ 634.428675][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 634.437073][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.447154][ C0] Call Trace: [ 634.450489][ C0] dump_stack+0x1c9/0x220 [ 634.455352][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 634.461373][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 634.467304][ C0] ? __msan_chain_origin+0x50/0x90 [ 634.472910][ C0] ? __skb_clone+0x863/0x970 [ 634.477792][ C0] ? skb_clone+0x404/0x5d0 [ 634.482238][ C0] ? br_flood+0xa8e/0xf90 [ 634.486606][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 634.492805][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 634.498041][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 634.505171][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 634.510759][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 634.515994][ C0] ? br_handle_frame+0xcd2/0x2050 [ 634.521056][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 634.527044][ C0] ? process_backlog+0x936/0x1410 [ 634.532239][ C0] ? net_rx_action+0x786/0x1aa0 [ 634.537150][ C0] ? __do_softirq+0x311/0x83d [ 634.542623][ C0] ? run_ksoftirqd+0x25/0x40 [ 634.547849][ C0] ? smpboot_thread_fn+0x493/0x980 [ 634.553999][ C0] ? kthread+0x4b5/0x4f0 [ 634.558435][ C0] ? ret_from_fork+0x35/0x40 [ 634.563887][ C0] ? __msan_chain_origin+0x50/0x90 [ 634.569031][ C0] ? skb_clone+0x486/0x5d0 [ 634.573565][ C0] ? br_flood+0xa8e/0xf90 [ 634.578021][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 634.583767][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 634.589948][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 634.596226][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 634.602072][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 634.607662][ C0] ? br_handle_frame+0xcd2/0x2050 [ 634.612731][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 634.618777][ C0] ? process_backlog+0x936/0x1410 [ 634.623899][ C0] ? net_rx_action+0x786/0x1aa0 [ 634.629044][ C0] ? __do_softirq+0x311/0x83d [ 634.633757][ C0] ? run_ksoftirqd+0x25/0x40 [ 634.638381][ C0] ? smpboot_thread_fn+0x493/0x980 [ 634.643530][ C0] ? kthread+0x4b5/0x4f0 [ 634.647807][ C0] ? ret_from_fork+0x35/0x40 [ 634.652434][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 634.658638][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 634.664041][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 634.669794][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 634.675578][ C0] __msan_chain_origin+0x50/0x90 [ 634.680550][ C0] __skb_clone+0x939/0x970 [ 634.685555][ C0] skb_clone+0x404/0x5d0 [ 634.689955][ C0] br_flood+0xa8e/0xf90 [ 634.694211][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 634.701235][ C0] ? brport_get_ownership+0xf0/0xf0 [ 634.707173][ C0] ? brport_get_ownership+0xf0/0xf0 [ 634.712406][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 634.717416][ C0] ? brport_get_ownership+0xf0/0xf0 [ 634.722690][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 634.728792][ C0] ? brport_get_ownership+0xf0/0xf0 [ 634.734066][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 634.739493][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 634.745095][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 634.750192][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 634.755454][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 634.760956][ C0] br_handle_frame+0xcd2/0x2050 [ 634.765884][ C0] ? brport_get_ownership+0xf0/0xf0 [ 634.771131][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 634.776321][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 634.782213][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 634.788024][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 634.793714][ C0] process_backlog+0x936/0x1410 [ 634.798603][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 634.804460][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 634.809840][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 634.815331][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 634.820859][ C0] net_rx_action+0x786/0x1aa0 [ 634.825956][ C0] ? net_tx_action+0xc30/0xc30 [ 634.830752][ C0] __do_softirq+0x311/0x83d [ 634.835398][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 634.840724][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 634.845864][ C0] run_ksoftirqd+0x25/0x40 [ 634.850406][ C0] smpboot_thread_fn+0x493/0x980 [ 634.855502][ C0] kthread+0x4b5/0x4f0 [ 634.859865][ C0] ? cpu_report_death+0x180/0x180 [ 634.864945][ C0] ? kthread_blkcg+0xf0/0xf0 [ 634.869659][ C0] ret_from_fork+0x35/0x40 [ 634.874812][ C0] Uninit was stored to memory at: [ 634.879875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 634.887193][ C0] __msan_chain_origin+0x50/0x90 [ 634.894841][ C0] __skb_clone+0x939/0x970 [ 634.900423][ C0] skb_clone+0x404/0x5d0 [ 634.905474][ C0] br_flood+0xa8e/0xf90 [ 634.909655][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 634.915564][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 634.921213][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 634.927845][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 634.934901][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 634.939957][ C0] br_handle_frame+0xcd2/0x2050 [ 634.945190][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 634.951023][ C0] process_backlog+0x936/0x1410 [ 634.955895][ C0] net_rx_action+0x786/0x1aa0 [ 634.960593][ C0] __do_softirq+0x311/0x83d [ 634.965125][ C0] [ 634.967461][ C0] Uninit was stored to memory at: [ 634.972875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 634.978646][ C0] __msan_chain_origin+0x50/0x90 [ 634.983809][ C0] __skb_clone+0x939/0x970 [ 634.988849][ C0] skb_clone+0x404/0x5d0 [ 634.993128][ C0] br_flood+0xa8e/0xf90 [ 634.997303][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.002958][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.007918][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.014005][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.020355][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.026870][ C0] br_handle_frame+0xcd2/0x2050 [ 635.032531][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.038441][ C0] process_backlog+0x936/0x1410 [ 635.044560][ C0] net_rx_action+0x786/0x1aa0 [ 635.049258][ C0] __do_softirq+0x311/0x83d [ 635.053774][ C0] [ 635.056112][ C0] Uninit was stored to memory at: [ 635.061171][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 635.067179][ C0] __msan_chain_origin+0x50/0x90 [ 635.072684][ C0] __skb_clone+0x939/0x970 [ 635.077314][ C0] skb_clone+0x404/0x5d0 [ 635.081832][ C0] br_flood+0xa8e/0xf90 [ 635.086439][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.092022][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.097073][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.104042][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.109602][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.114775][ C0] br_handle_frame+0xcd2/0x2050 [ 635.119645][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.125472][ C0] process_backlog+0x936/0x1410 [ 635.130425][ C0] net_rx_action+0x786/0x1aa0 [ 635.135136][ C0] __do_softirq+0x311/0x83d [ 635.139752][ C0] [ 635.142085][ C0] Uninit was stored to memory at: [ 635.147148][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 635.152895][ C0] __msan_chain_origin+0x50/0x90 [ 635.157877][ C0] __skb_clone+0x939/0x970 [ 635.162311][ C0] skb_clone+0x404/0x5d0 [ 635.166667][ C0] br_flood+0xa8e/0xf90 [ 635.171622][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.177547][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.183027][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.189220][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.194631][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.199685][ C0] br_handle_frame+0xcd2/0x2050 [ 635.204572][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.210319][ C0] process_backlog+0x936/0x1410 [ 635.215195][ C0] net_rx_action+0x786/0x1aa0 [ 635.219988][ C0] __do_softirq+0x311/0x83d [ 635.224687][ C0] [ 635.227031][ C0] Uninit was stored to memory at: [ 635.232079][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 635.237922][ C0] __msan_chain_origin+0x50/0x90 [ 635.242883][ C0] __skb_clone+0x939/0x970 [ 635.247312][ C0] skb_clone+0x404/0x5d0 [ 635.251575][ C0] br_flood+0xa8e/0xf90 [ 635.255747][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.261314][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.266392][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.272533][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.278199][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.284151][ C0] br_handle_frame+0xcd2/0x2050 [ 635.289743][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.295762][ C0] process_backlog+0x936/0x1410 [ 635.300803][ C0] net_rx_action+0x786/0x1aa0 [ 635.305508][ C0] __do_softirq+0x311/0x83d [ 635.310012][ C0] [ 635.312432][ C0] Uninit was stored to memory at: [ 635.317558][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 635.323304][ C0] __msan_chain_origin+0x50/0x90 [ 635.328265][ C0] __skb_clone+0x863/0x970 [ 635.332697][ C0] skb_clone+0x404/0x5d0 [ 635.336968][ C0] br_flood+0xa8e/0xf90 [ 635.341162][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.346731][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.351685][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.357901][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.363304][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.368358][ C0] br_handle_frame+0xcd2/0x2050 [ 635.373334][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.379105][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 635.385210][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 635.392274][ C0] napi_gro_receive+0xae7/0xf90 [ 635.397149][ C0] gro_cell_poll+0x24c/0x400 [ 635.401775][ C0] net_rx_action+0x786/0x1aa0 [ 635.406471][ C0] __do_softirq+0x311/0x83d [ 635.411063][ C0] [ 635.413396][ C0] Uninit was stored to memory at: [ 635.418565][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 635.424572][ C0] __msan_chain_origin+0x50/0x90 [ 635.429611][ C0] skb_clone+0x486/0x5d0 [ 635.433863][ C0] br_flood+0xa8e/0xf90 [ 635.438038][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.443606][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.448552][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.454636][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.460023][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.465071][ C0] br_handle_frame+0xcd2/0x2050 [ 635.469947][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.475687][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 635.481775][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 635.488118][ C0] napi_gro_receive+0xae7/0xf90 [ 635.492985][ C0] gro_cell_poll+0x24c/0x400 [ 635.497589][ C0] net_rx_action+0x786/0x1aa0 [ 635.502281][ C0] __do_softirq+0x311/0x83d [ 635.506785][ C0] [ 635.509109][ C0] Uninit was created at: [ 635.513363][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 635.519100][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 635.524158][ C0] kmem_cache_alloc+0x711/0xd70 [ 635.529112][ C0] skb_clone+0x328/0x5d0 [ 635.533380][ C0] br_flood+0xa8e/0xf90 [ 635.537585][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 635.543429][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 635.548707][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 635.555408][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 635.560794][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 635.565848][ C0] br_handle_frame+0xcd2/0x2050 [ 635.570729][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 635.577363][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 635.583450][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 635.589987][ C0] napi_gro_receive+0xae7/0xf90 [ 635.595201][ C0] gro_cell_poll+0x24c/0x400 [ 635.599902][ C0] net_rx_action+0x786/0x1aa0 [ 635.604690][ C0] __do_softirq+0x311/0x83d [ 635.808732][T13029] binder: 13028:13029 ioctl c0306201 0 returned -14 [ 635.867741][T13029] binder: 13028:13029 ioctl c0306201 20000540 returned -14 [ 636.488636][T13043] binder: 13038:13043 ioctl c0306201 20000540 returned -14 00:12:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = dup3(r2, r0, 0x0) dup2(r3, r1) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 637.588959][ C0] clocksource: timekeeping watchdog on CPU0: Marking clocksource 'tsc' as unstable because the skew is too large: [ 637.601794][ C0] clocksource: 'acpi_pm' wd_now: 7fd48d wd_last: d232fb mask: ffffff [ 637.612131][ C0] clocksource: 'tsc' cs_now: 15b0093214f cs_last: 1594cc628d9 mask: ffffffffffffffff [ 637.625171][ C0] tsc: Marking TSC unstable due to clocksource watchdog [ 637.662664][ T5240] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. [ 637.672516][ T5240] sched_clock: Marking unstable (637953908952, -291238042)<-(637679407835, -16767844) [ 637.708895][T13056] clocksource: Switched to clocksource acpi_pm 00:12:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:06 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) 00:12:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:06 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:06 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 640.317327][T13072] binder: 13063:13072 ioctl c0306201 20000540 returned -14 [ 640.516833][T13079] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 640.714892][T13086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:06 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r1, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 00:12:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 641.237489][T13094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13094 comm=syz-executor.3 [ 641.642732][T13114] binder: 13110:13114 ioctl c0306201 20000540 returned -14 00:12:07 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:07 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) 00:12:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080), 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:10 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) [ 643.948499][T13132] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13132 comm=syz-executor.3 [ 644.063616][T13139] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13139 comm=syz-executor.1 [ 644.122314][T13145] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 644.149790][T13146] binder: 13136:13146 ioctl c0306201 20000540 returned -14 00:12:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 644.519974][T13162] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13162 comm=syz-executor.3 [ 644.610003][T13165] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13165 comm=syz-executor.1 [ 644.807104][T13171] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080), 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:11 executing program 0: ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000080)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x88442, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_rm_watch(0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000012edffffbfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000003e040000000000001d400300000000006504000001ed000067000000170000000c44000000000000630a00fe000000006e40000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a7d26f44198efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd8dff0c710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b845d8f6365c7109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d99edc3a6138d5f728d236619074d6ebdf098bc908f50ad228a40f9411fe7226a4040b96e37c4f46010400000000000029faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7bb2b1ed81d2cf370ee4a2a00ebeb476ea3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb4f8f67b8bb84b0e733a63784ccc214d930cbb7e090d63fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb7a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee6335eb811a085ca14a7989f9777f600000000000000000000000000000000000000000000000000000000000386000000b854adb4f8080064e8407c6bdb37f4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb5d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953b78a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9ef547fd6ee9760d784cb1138e8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857f78b2414aa962a055034cb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066bcfb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6eedc73a2655ba3a3463a0fb9ed379af0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572c921ac1476027772c87d1767e38ba49e3e57"], &(0x7f00000001c0)='GPL\x00'}, 0x48) r0 = getpid() tkill(r0, 0x23) 00:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 645.557449][T13187] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13187 comm=syz-executor.1 [ 645.605225][T13189] binder: 13186:13189 ioctl c0306201 20000540 returned -14 [ 645.606068][T13187] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 646.486302][T13204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13204 comm=syz-executor.1 00:12:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080), 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 646.548587][T13212] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 646.885435][T13216] binder: 13214:13216 ioctl c0306201 20000540 returned -14 00:12:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 647.255840][T13223] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13223 comm=syz-executor.1 [ 647.297860][T13223] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 648.812531][ C1] not chained 360000 origins [ 648.817179][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 648.823485][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 648.823485][ C1] Call Trace: [ 648.823485][ C1] dump_stack+0x1c9/0x220 [ 648.823485][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 648.823485][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 648.823485][ C1] ? __msan_chain_origin+0x50/0x90 [ 648.823485][ C1] ? __skb_clone+0x863/0x970 [ 648.823485][ C1] ? skb_clone+0x404/0x5d0 [ 648.823485][ C1] ? br_flood+0xa8e/0xf90 [ 648.823485][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 648.823485][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 648.823485][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 648.823485][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 648.823485][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 648.823485][ C1] ? br_handle_frame+0xcd2/0x2050 [ 648.823485][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 648.823485][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 648.823485][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 648.823485][ C1] ? napi_complete_done+0x2ef/0xb60 [ 648.823485][ C1] ? gro_cell_poll+0x3a9/0x400 [ 648.823485][ C1] ? net_rx_action+0x786/0x1aa0 [ 648.823485][ C1] ? __do_softirq+0x311/0x83d [ 648.823485][ C1] ? run_ksoftirqd+0x25/0x40 [ 648.823485][ C1] ? smpboot_thread_fn+0x493/0x980 [ 648.823485][ C1] ? kthread+0x4b5/0x4f0 [ 648.823485][ C1] ? ret_from_fork+0x35/0x40 [ 648.823485][ C1] ? skb_clone+0x486/0x5d0 [ 648.823485][ C1] ? br_flood+0xa8e/0xf90 [ 648.823485][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 648.823485][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 648.823485][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 648.823485][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 648.997130][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 649.001718][ C1] ? br_handle_frame+0xcd2/0x2050 [ 649.001718][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 649.001718][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 649.001718][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 649.001718][ C1] ? napi_complete_done+0x2ef/0xb60 [ 649.001718][ C1] ? gro_cell_poll+0x3a9/0x400 [ 649.042792][ C1] ? net_rx_action+0x786/0x1aa0 [ 649.042792][ C1] ? __do_softirq+0x311/0x83d [ 649.042792][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 649.042792][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 649.042792][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 649.042792][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 649.042792][ C1] __msan_chain_origin+0x50/0x90 [ 649.042792][ C1] __skb_clone+0x939/0x970 [ 649.042792][ C1] skb_clone+0x404/0x5d0 [ 649.042792][ C1] br_flood+0xa8e/0xf90 [ 649.042792][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.042792][ C1] ? brport_get_ownership+0xf0/0xf0 [ 649.042792][ C1] ? brport_get_ownership+0xf0/0xf0 [ 649.042792][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.042792][ C1] ? brport_get_ownership+0xf0/0xf0 [ 649.042792][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.042792][ C1] ? brport_get_ownership+0xf0/0xf0 [ 649.042792][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.042792][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 649.042792][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.042792][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 649.042792][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 649.042792][ C1] br_handle_frame+0xcd2/0x2050 [ 649.042792][ C1] ? brport_get_ownership+0xf0/0xf0 [ 649.042792][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 649.042792][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.042792][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 649.042792][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 649.042792][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 649.042792][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 649.042792][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 649.042792][ C1] napi_complete_done+0x2ef/0xb60 [ 649.042792][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 649.042792][ C1] gro_cell_poll+0x3a9/0x400 [ 649.042792][ C1] ? gro_cells_init+0x510/0x510 [ 649.042792][ C1] net_rx_action+0x786/0x1aa0 [ 649.042792][ C1] ? net_tx_action+0xc30/0xc30 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 649.238749][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 649.238749][ C1] run_ksoftirqd+0x25/0x40 [ 649.238749][ C1] smpboot_thread_fn+0x493/0x980 [ 649.238749][ C1] kthread+0x4b5/0x4f0 [ 649.238749][ C1] ? cpu_report_death+0x180/0x180 [ 649.238749][ C1] ? kthread_blkcg+0xf0/0xf0 [ 649.238749][ C1] ret_from_fork+0x35/0x40 [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] __skb_clone+0x939/0x970 [ 649.238749][ C1] skb_clone+0x404/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 649.238749][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 649.238749][ C1] napi_complete_done+0x2ef/0xb60 [ 649.238749][ C1] gro_cell_poll+0x3a9/0x400 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] __skb_clone+0x939/0x970 [ 649.238749][ C1] skb_clone+0x404/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 649.238749][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 649.238749][ C1] napi_complete_done+0x2ef/0xb60 [ 649.238749][ C1] gro_cell_poll+0x3a9/0x400 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] __skb_clone+0x939/0x970 [ 649.238749][ C1] skb_clone+0x404/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 649.238749][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 649.238749][ C1] napi_complete_done+0x2ef/0xb60 [ 649.238749][ C1] gro_cell_poll+0x3a9/0x400 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] __skb_clone+0x939/0x970 [ 649.238749][ C1] skb_clone+0x404/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 649.238749][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 649.238749][ C1] napi_complete_done+0x2ef/0xb60 [ 649.238749][ C1] gro_cell_poll+0x3a9/0x400 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] pskb_expand_head+0x1750/0x1b00 [ 649.238749][ C1] geneve_build_skb+0x4c0/0xe00 [ 649.238749][ C1] geneve_xmit+0x25a3/0x2c20 [ 649.238749][ C1] dev_hard_start_xmit+0x531/0xab0 [ 649.238749][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 649.238749][ C1] dev_queue_xmit+0x4b/0x60 [ 649.238749][ C1] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 649.238749][ C1] br_nf_dev_queue_xmit+0x693/0x1910 [ 649.238749][ C1] br_nf_post_routing+0x152e/0x17e0 [ 649.238749][ C1] nf_hook_slow+0x16e/0x400 [ 649.238749][ C1] br_forward_finish+0x24a/0x3f0 [ 649.238749][ C1] br_nf_forward_finish+0xf47/0x11a0 [ 649.238749][ C1] br_nf_forward_ip+0x1d4e/0x1f30 [ 649.238749][ C1] nf_hook_slow+0x16e/0x400 [ 649.238749][ C1] __br_forward+0x75c/0xe30 [ 649.238749][ C1] br_flood+0xb0b/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] process_backlog+0x936/0x1410 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] __skb_clone+0x863/0x970 [ 649.238749][ C1] skb_clone+0x404/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] process_backlog+0x936/0x1410 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was stored to memory at: [ 649.238749][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 649.238749][ C1] __msan_chain_origin+0x50/0x90 [ 649.238749][ C1] skb_clone+0x486/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] process_backlog+0x936/0x1410 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d [ 649.238749][ C1] [ 649.238749][ C1] Uninit was created at: [ 649.238749][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 649.238749][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 649.238749][ C1] kmem_cache_alloc+0x711/0xd70 [ 649.238749][ C1] skb_clone+0x328/0x5d0 [ 649.238749][ C1] br_flood+0xa8e/0xf90 [ 649.238749][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 649.238749][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 649.238749][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 649.238749][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 649.238749][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 649.238749][ C1] br_handle_frame+0xcd2/0x2050 [ 649.238749][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 649.238749][ C1] process_backlog+0x936/0x1410 [ 649.238749][ C1] net_rx_action+0x786/0x1aa0 [ 649.238749][ C1] __do_softirq+0x311/0x83d 00:12:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:22 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x2b}, 0x9}}}, 0x84) 00:12:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, &(0x7f00000004c0)) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 656.156857][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 656.196822][T13248] binder: 13240:13248 ioctl c0306201 20000540 returned -14 [ 656.223936][T13250] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 657.019945][T13281] binder: 13275:13281 ioctl c0306201 20000540 returned -14 [ 657.232094][T13284] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 657.266045][T13284] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 657.553570][T13300] binder: 13296:13300 ioctl c0306201 20000540 returned -14 00:12:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, &(0x7f00000004c0)) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:23 executing program 0: socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x20000000802, 0x0) r0 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e670000000000000000000000000000000000000000000400000000001804000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c43c56bf1536cba337abd81318498f090000000037118bc35d3037960000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006633000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000f9fffffffbffffff000000000000000000c5009b120000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ee720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008e269ba60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000d2de69710800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000392046af2ddc701300000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000001f0000000000000000000000000000000000000000000000000000000000000005b132f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d1000000000000000000000000000000000000000000000000000000000000000000726564697265637400"/2376]}, 0x998) getsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000140)={@rand_addr, @loopback}, &(0x7f0000000240)=0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x30, r2, 0x1, 0x0, 0x0, {0x1a}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x14}]}, 0x30}}, 0x0) 00:12:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, &(0x7f00000004c0)) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, &(0x7f0000000140)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:24 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 658.126053][T13317] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 658.163275][T13317] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 658.270773][ C1] not chained 370000 origins [ 658.275426][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 658.278900][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.278900][ C1] Call Trace: [ 658.278900][ C1] dump_stack+0x1c9/0x220 [ 658.278900][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 658.278900][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 658.278900][ C1] ? __msan_chain_origin+0x50/0x90 [ 658.278900][ C1] ? __skb_clone+0x863/0x970 [ 658.278900][ C1] ? skb_clone+0x404/0x5d0 [ 658.278900][ C1] ? br_flood+0xd14/0xf90 [ 658.278900][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 658.278900][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 658.278900][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.278900][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.278900][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 658.278900][ C1] ? br_handle_frame+0xcd2/0x2050 [ 658.278900][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 658.278900][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 658.278900][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 658.278900][ C1] ? napi_gro_receive+0xae7/0xf90 [ 658.278900][ C1] ? gro_cell_poll+0x24c/0x400 [ 658.278900][ C1] ? net_rx_action+0x786/0x1aa0 [ 658.278900][ C1] ? __do_softirq+0x311/0x83d [ 658.278900][ C1] ? run_ksoftirqd+0x25/0x40 [ 658.278900][ C1] ? smpboot_thread_fn+0x493/0x980 [ 658.278900][ C1] ? kthread+0x4b5/0x4f0 [ 658.278900][ C1] ? ret_from_fork+0x35/0x40 [ 658.278900][ C1] ? skb_clone+0x486/0x5d0 [ 658.278900][ C1] ? br_flood+0xd14/0xf90 [ 658.278900][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 658.278900][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 658.278900][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.278900][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.278900][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 658.278900][ C1] ? br_handle_frame+0xcd2/0x2050 [ 658.278900][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 658.278900][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 658.278900][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 658.278900][ C1] ? napi_gro_receive+0xae7/0xf90 [ 658.278900][ C1] ? gro_cell_poll+0x24c/0x400 [ 658.278900][ C1] ? net_rx_action+0x786/0x1aa0 [ 658.278900][ C1] ? __do_softirq+0x311/0x83d [ 658.278900][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 658.278900][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.278900][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 658.278900][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.278900][ C1] __msan_chain_origin+0x50/0x90 [ 658.278900][ C1] __skb_clone+0x939/0x970 [ 658.278900][ C1] skb_clone+0x404/0x5d0 [ 658.278900][ C1] br_flood+0xd14/0xf90 [ 658.278900][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.278900][ C1] ? brport_get_ownership+0xf0/0xf0 [ 658.278900][ C1] ? brport_get_ownership+0xf0/0xf0 [ 658.278900][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.278900][ C1] ? brport_get_ownership+0xf0/0xf0 [ 658.278900][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.278900][ C1] ? brport_get_ownership+0xf0/0xf0 [ 658.278900][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.278900][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 658.278900][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.278900][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.599989][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] ? brport_get_ownership+0xf0/0xf0 [ 658.599989][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] ? ipv6_gro_receive+0x25e2/0x2960 [ 658.599989][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.599989][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 658.599989][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.599989][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 658.599989][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 658.599989][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.599989][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 658.599989][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 658.599989][ C1] napi_gro_receive+0xae7/0xf90 [ 658.599989][ C1] gro_cell_poll+0x24c/0x400 [ 658.599989][ C1] ? gro_cells_init+0x510/0x510 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] ? net_tx_action+0xc30/0xc30 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 658.599989][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 658.599989][ C1] run_ksoftirqd+0x25/0x40 [ 658.599989][ C1] smpboot_thread_fn+0x493/0x980 [ 658.599989][ C1] kthread+0x4b5/0x4f0 [ 658.599989][ C1] ? cpu_report_death+0x180/0x180 [ 658.599989][ C1] ? kthread_blkcg+0xf0/0xf0 [ 658.599989][ C1] ret_from_fork+0x35/0x40 [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] __skb_clone+0x939/0x970 [ 658.599989][ C1] skb_clone+0x404/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 658.599989][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 658.599989][ C1] napi_gro_receive+0xae7/0xf90 [ 658.599989][ C1] gro_cell_poll+0x24c/0x400 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] __skb_clone+0x939/0x970 [ 658.599989][ C1] skb_clone+0x404/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 658.599989][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 658.599989][ C1] napi_gro_receive+0xae7/0xf90 [ 658.599989][ C1] gro_cell_poll+0x24c/0x400 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] __skb_clone+0x939/0x970 [ 658.599989][ C1] skb_clone+0x404/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 658.599989][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 658.599989][ C1] napi_gro_receive+0xae7/0xf90 [ 658.599989][ C1] gro_cell_poll+0x24c/0x400 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] __skb_clone+0x939/0x970 [ 658.599989][ C1] skb_clone+0x404/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 658.599989][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 658.599989][ C1] napi_gro_receive+0xae7/0xf90 [ 658.599989][ C1] gro_cell_poll+0x24c/0x400 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] pskb_expand_head+0x1750/0x1b00 [ 658.599989][ C1] geneve_build_skb+0x4c0/0xe00 [ 658.599989][ C1] geneve_xmit+0x25a3/0x2c20 [ 658.599989][ C1] dev_hard_start_xmit+0x531/0xab0 [ 658.599989][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 658.599989][ C1] dev_queue_xmit+0x4b/0x60 [ 658.599989][ C1] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 658.599989][ C1] br_nf_dev_queue_xmit+0x693/0x1910 [ 658.599989][ C1] br_nf_post_routing+0x152e/0x17e0 [ 658.599989][ C1] nf_hook_slow+0x16e/0x400 [ 658.599989][ C1] br_forward_finish+0x24a/0x3f0 [ 658.599989][ C1] br_nf_forward_finish+0xf47/0x11a0 [ 658.599989][ C1] br_nf_forward_ip+0x1d4e/0x1f30 [ 658.599989][ C1] nf_hook_slow+0x16e/0x400 [ 658.599989][ C1] __br_forward+0x75c/0xe30 [ 658.599989][ C1] br_flood+0xb0b/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] process_backlog+0x936/0x1410 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] __skb_clone+0x863/0x970 [ 658.599989][ C1] skb_clone+0x404/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] process_backlog+0x936/0x1410 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was stored to memory at: [ 658.599989][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 658.599989][ C1] __msan_chain_origin+0x50/0x90 [ 658.599989][ C1] skb_clone+0x486/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] process_backlog+0x936/0x1410 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 658.599989][ C1] [ 658.599989][ C1] Uninit was created at: [ 658.599989][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 658.599989][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 658.599989][ C1] kmem_cache_alloc+0x711/0xd70 [ 658.599989][ C1] skb_clone+0x328/0x5d0 [ 658.599989][ C1] br_flood+0xa8e/0xf90 [ 658.599989][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 658.599989][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 658.599989][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 658.599989][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 658.599989][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 658.599989][ C1] br_handle_frame+0xcd2/0x2050 [ 658.599989][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 658.599989][ C1] process_backlog+0x936/0x1410 [ 658.599989][ C1] net_rx_action+0x786/0x1aa0 [ 658.599989][ C1] __do_softirq+0x311/0x83d [ 659.650527][T13337] binder: 13331:13337 ioctl c0306201 20000540 returned -14 00:12:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, &(0x7f0000000140)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 660.216479][T13352] binder: BINDER_SET_CONTEXT_MGR already set [ 660.222980][T13352] binder: 13349:13352 ioctl 40046207 0 returned -16 [ 660.241334][T13352] binder: 13349:13352 ioctl c0306201 20000540 returned -14 [ 660.506236][T13362] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 660.569093][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 660.736343][T13369] binder: 13368:13369 ioctl c0306201 20000540 returned -14 [ 661.207306][T13388] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 661.260398][T13392] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, &(0x7f0000000140)}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:27 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 661.386869][T13395] binder_alloc: 13390: binder_alloc_buf, no vma [ 661.410234][T13395] binder: 13390:13395 ioctl c0306201 20000540 returned -14 00:12:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:29 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 663.206961][T13412] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.267447][T13412] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.320464][T13423] binder_alloc: 13409: binder_alloc_buf, no vma [ 663.342016][T13423] binder: 13409:13423 ioctl c0306201 20000540 returned -14 00:12:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 664.037955][T13435] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 664.113364][T13440] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:30 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 664.438117][T13456] binder_alloc: 13449: binder_alloc_buf, no vma [ 664.465483][T13456] binder: 13449:13456 ioctl c0306201 20000540 returned -14 [ 664.794143][T13464] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 664.844503][T13467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 665.480761][T13486] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 665.849364][T13491] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:32 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 666.312531][T13504] binder: 13501:13504 ioctl c0306201 20000540 returned -14 00:12:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 666.751668][T13512] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 666.778086][T13512] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:33 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 667.315498][T13532] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 667.368996][T13536] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 668.060160][T13556] binder: 13546:13556 ioctl c0306201 20000540 returned -14 [ 668.248165][T13562] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 668.319836][T13569] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:33 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:33 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000500)={r4, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:34 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x7a05, 0x1700) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:12:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:35 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:35 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 669.390016][T13600] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 669.446060][T13606] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 00:12:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 669.670940][T13614] binder: 13605:13614 ioctl c0306201 20000540 returned -14 00:12:36 executing program 0: syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 670.341020][T13624] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 670.413647][T13629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:12:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:12:36 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:12:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 670.708541][T13646] binder: 13642:13646 ioctl c0306201 20000540 returned -14 00:12:36 executing program 0: syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:12:37 executing program 0: syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose, @rose, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) 00:12:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:12:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 675.211010][ C0] not chained 380000 origins [ 675.215677][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 675.218901][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.218901][ C0] Call Trace: [ 675.218901][ C0] dump_stack+0x1c9/0x220 [ 675.241135][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 675.241135][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] ? __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] ? __skb_clone+0x863/0x970 [ 675.241135][ C0] ? skb_clone+0x404/0x5d0 [ 675.241135][ C0] ? br_flood+0xa8e/0xf90 [ 675.241135][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] ? br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] ? process_backlog+0x936/0x1410 [ 675.241135][ C0] ? net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] ? __do_softirq+0x311/0x83d [ 675.241135][ C0] ? run_ksoftirqd+0x25/0x40 [ 675.241135][ C0] ? smpboot_thread_fn+0x493/0x980 [ 675.241135][ C0] ? kthread+0x4b5/0x4f0 [ 675.241135][ C0] ? ret_from_fork+0x35/0x40 [ 675.241135][ C0] ? __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] ? skb_clone+0x486/0x5d0 [ 675.241135][ C0] ? br_flood+0xa8e/0xf90 [ 675.241135][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] ? br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] ? process_backlog+0x936/0x1410 [ 675.241135][ C0] ? net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] ? __do_softirq+0x311/0x83d [ 675.241135][ C0] ? run_ksoftirqd+0x25/0x40 [ 675.241135][ C0] ? smpboot_thread_fn+0x493/0x980 [ 675.241135][ C0] ? kthread+0x4b5/0x4f0 [ 675.241135][ C0] ? ret_from_fork+0x35/0x40 [ 675.241135][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 675.241135][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 675.241135][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 675.241135][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] ? brport_get_ownership+0xf0/0xf0 [ 675.241135][ C0] ? brport_get_ownership+0xf0/0xf0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] ? brport_get_ownership+0xf0/0xf0 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] ? brport_get_ownership+0xf0/0xf0 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 675.241135][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] ? brport_get_ownership+0xf0/0xf0 [ 675.241135][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 675.241135][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 675.241135][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 675.241135][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] ? net_tx_action+0xc30/0xc30 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 675.241135][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 675.241135][ C0] run_ksoftirqd+0x25/0x40 [ 675.241135][ C0] smpboot_thread_fn+0x493/0x980 [ 675.241135][ C0] kthread+0x4b5/0x4f0 [ 675.241135][ C0] ? cpu_report_death+0x180/0x180 [ 675.241135][ C0] ? kthread_blkcg+0xf0/0xf0 [ 675.241135][ C0] ret_from_fork+0x35/0x40 [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x939/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xa8e/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] __skb_clone+0x863/0x970 [ 675.241135][ C0] skb_clone+0x404/0x5d0 [ 675.241135][ C0] br_flood+0xd14/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was stored to memory at: [ 675.241135][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 675.241135][ C0] __msan_chain_origin+0x50/0x90 [ 675.241135][ C0] skb_clone+0x486/0x5d0 [ 675.241135][ C0] br_flood+0xd14/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 675.241135][ C0] [ 675.241135][ C0] Uninit was created at: [ 675.241135][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 675.241135][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 675.241135][ C0] kmem_cache_alloc+0x711/0xd70 [ 675.241135][ C0] skb_clone+0x328/0x5d0 [ 675.241135][ C0] br_flood+0xd14/0xf90 [ 675.241135][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 675.241135][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 675.241135][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 675.241135][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 675.241135][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 675.241135][ C0] br_handle_frame+0xcd2/0x2050 [ 675.241135][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 675.241135][ C0] process_backlog+0x936/0x1410 [ 675.241135][ C0] net_rx_action+0x786/0x1aa0 [ 675.241135][ C0] __do_softirq+0x311/0x83d [ 682.004541][ C1] not chained 390000 origins [ 682.008867][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 682.008867][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.008867][ C1] Call Trace: [ 682.008867][ C1] dump_stack+0x1c9/0x220 [ 682.008867][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 682.008867][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 682.008867][ C1] ? __msan_chain_origin+0x50/0x90 [ 682.008867][ C1] ? __skb_clone+0x863/0x970 [ 682.008867][ C1] ? skb_clone+0x404/0x5d0 [ 682.008867][ C1] ? br_flood+0xa8e/0xf90 [ 682.008867][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 682.008867][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 682.008867][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.008867][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.008867][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 682.008867][ C1] ? br_handle_frame+0xcd2/0x2050 [ 682.008867][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] ? process_backlog+0x936/0x1410 [ 682.102864][ C1] ? net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] ? __do_softirq+0x311/0x83d [ 682.102864][ C1] ? run_ksoftirqd+0x25/0x40 [ 682.102864][ C1] ? smpboot_thread_fn+0x493/0x980 [ 682.102864][ C1] ? kthread+0x4b5/0x4f0 [ 682.102864][ C1] ? ret_from_fork+0x35/0x40 [ 682.102864][ C1] ? __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] ? skb_clone+0x486/0x5d0 [ 682.102864][ C1] ? br_flood+0xa8e/0xf90 [ 682.102864][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] ? br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] ? process_backlog+0x936/0x1410 [ 682.102864][ C1] ? net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] ? __do_softirq+0x311/0x83d [ 682.102864][ C1] ? run_ksoftirqd+0x25/0x40 [ 682.102864][ C1] ? smpboot_thread_fn+0x493/0x980 [ 682.102864][ C1] ? kthread+0x4b5/0x4f0 [ 682.102864][ C1] ? ret_from_fork+0x35/0x40 [ 682.102864][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 682.102864][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 682.102864][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 682.102864][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] ? brport_get_ownership+0xf0/0xf0 [ 682.102864][ C1] ? brport_get_ownership+0xf0/0xf0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] ? brport_get_ownership+0xf0/0xf0 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] ? brport_get_ownership+0xf0/0xf0 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 682.102864][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] ? brport_get_ownership+0xf0/0xf0 [ 682.102864][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 682.102864][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 682.102864][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 682.102864][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 682.102864][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] ? net_tx_action+0xc30/0xc30 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 682.102864][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 682.102864][ C1] run_ksoftirqd+0x25/0x40 [ 682.102864][ C1] smpboot_thread_fn+0x493/0x980 [ 682.102864][ C1] kthread+0x4b5/0x4f0 [ 682.102864][ C1] ? cpu_report_death+0x180/0x180 [ 682.102864][ C1] ? kthread_blkcg+0xf0/0xf0 [ 682.102864][ C1] ret_from_fork+0x35/0x40 [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.102864][ C1] __msan_chain_origin+0x50/0x90 [ 682.102864][ C1] __skb_clone+0x939/0x970 [ 682.102864][ C1] skb_clone+0x404/0x5d0 [ 682.102864][ C1] br_flood+0xa8e/0xf90 [ 682.102864][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.102864][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.102864][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.102864][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.102864][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.102864][ C1] br_handle_frame+0xcd2/0x2050 [ 682.102864][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.102864][ C1] process_backlog+0x936/0x1410 [ 682.102864][ C1] net_rx_action+0x786/0x1aa0 [ 682.102864][ C1] __do_softirq+0x311/0x83d [ 682.102864][ C1] [ 682.102864][ C1] Uninit was stored to memory at: [ 682.102864][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.896437][ C1] __msan_chain_origin+0x50/0x90 [ 682.896437][ C1] __skb_clone+0x863/0x970 [ 682.896437][ C1] skb_clone+0x404/0x5d0 [ 682.896437][ C1] br_flood+0xa8e/0xf90 [ 682.896437][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.896437][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.896437][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.896437][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.896437][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.896437][ C1] br_handle_frame+0xcd2/0x2050 [ 682.896437][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.896437][ C1] process_backlog+0x936/0x1410 [ 682.896437][ C1] net_rx_action+0x786/0x1aa0 [ 682.896437][ C1] __do_softirq+0x311/0x83d [ 682.896437][ C1] [ 682.896437][ C1] Uninit was stored to memory at: [ 682.896437][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 682.896437][ C1] __msan_chain_origin+0x50/0x90 [ 682.896437][ C1] skb_clone+0x486/0x5d0 [ 682.896437][ C1] br_flood+0xa8e/0xf90 [ 682.896437][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 682.896437][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 682.896437][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 682.896437][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 682.896437][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 682.896437][ C1] br_handle_frame+0xcd2/0x2050 [ 682.896437][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 682.896437][ C1] process_backlog+0x936/0x1410 [ 683.039556][ C1] net_rx_action+0x786/0x1aa0 [ 683.039556][ C1] __do_softirq+0x311/0x83d [ 683.039556][ C1] [ 683.039556][ C1] Uninit was created at: [ 683.039556][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 683.039556][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 683.039556][ C1] kmem_cache_alloc+0x711/0xd70 [ 683.039556][ C1] skb_clone+0x328/0x5d0 [ 683.039556][ C1] br_flood+0xa8e/0xf90 [ 683.039556][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 683.039556][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 683.039556][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 683.039556][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 683.039556][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 683.039556][ C1] br_handle_frame+0xcd2/0x2050 [ 683.039556][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 683.039556][ C1] process_backlog+0x936/0x1410 [ 683.039556][ C1] net_rx_action+0x786/0x1aa0 [ 683.039556][ C1] __do_softirq+0x311/0x83d [ 688.326376][ C1] not chained 400000 origins [ 688.328866][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 688.328866][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.328866][ C1] Call Trace: [ 688.328866][ C1] dump_stack+0x1c9/0x220 [ 688.328866][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 688.328866][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 688.328866][ C1] ? __msan_chain_origin+0x50/0x90 [ 688.328866][ C1] ? __skb_clone+0x863/0x970 [ 688.328866][ C1] ? skb_clone+0x404/0x5d0 [ 688.328866][ C1] ? br_flood+0xa8e/0xf90 [ 688.328866][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 688.328866][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 688.328866][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.328866][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.328866][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 688.328866][ C1] ? br_handle_frame+0xcd2/0x2050 [ 688.328866][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 688.328866][ C1] ? process_backlog+0x936/0x1410 [ 688.328866][ C1] ? net_rx_action+0x786/0x1aa0 [ 688.328866][ C1] ? __do_softirq+0x311/0x83d [ 688.328866][ C1] ? run_ksoftirqd+0x25/0x40 [ 688.328866][ C1] ? smpboot_thread_fn+0x493/0x980 [ 688.328866][ C1] ? kthread+0x4b5/0x4f0 [ 688.328866][ C1] ? ret_from_fork+0x35/0x40 [ 688.328866][ C1] ? __msan_chain_origin+0x50/0x90 [ 688.328866][ C1] ? skb_clone+0x486/0x5d0 [ 688.328866][ C1] ? br_flood+0xa8e/0xf90 [ 688.328866][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 688.328866][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 688.328866][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.328866][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.328866][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 688.328866][ C1] ? br_handle_frame+0xcd2/0x2050 [ 688.328866][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 688.328866][ C1] ? process_backlog+0x936/0x1410 [ 688.328866][ C1] ? net_rx_action+0x786/0x1aa0 [ 688.328866][ C1] ? __do_softirq+0x311/0x83d [ 688.328866][ C1] ? run_ksoftirqd+0x25/0x40 [ 688.328866][ C1] ? smpboot_thread_fn+0x493/0x980 [ 688.328866][ C1] ? kthread+0x4b5/0x4f0 [ 688.328866][ C1] ? ret_from_fork+0x35/0x40 [ 688.328866][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 688.328866][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 688.328866][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 688.328866][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 688.328866][ C1] __msan_chain_origin+0x50/0x90 [ 688.328866][ C1] __skb_clone+0x939/0x970 [ 688.328866][ C1] skb_clone+0x404/0x5d0 [ 688.328866][ C1] br_flood+0xa8e/0xf90 [ 688.328866][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.328866][ C1] ? brport_get_ownership+0xf0/0xf0 [ 688.328866][ C1] ? brport_get_ownership+0xf0/0xf0 [ 688.328866][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.328866][ C1] ? brport_get_ownership+0xf0/0xf0 [ 688.328866][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.328866][ C1] ? brport_get_ownership+0xf0/0xf0 [ 688.328866][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.328866][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 688.328866][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.645647][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 688.645647][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 688.645647][ C1] br_handle_frame+0xcd2/0x2050 [ 688.645647][ C1] ? brport_get_ownership+0xf0/0xf0 [ 688.645647][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 688.645647][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.645647][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 688.645647][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 688.645647][ C1] process_backlog+0x936/0x1410 [ 688.645647][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 688.645647][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 688.645647][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 688.645647][ C1] net_rx_action+0x786/0x1aa0 [ 688.645647][ C1] ? net_tx_action+0xc30/0xc30 [ 688.645647][ C1] __do_softirq+0x311/0x83d [ 688.645647][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 688.645647][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 688.645647][ C1] run_ksoftirqd+0x25/0x40 [ 688.645647][ C1] smpboot_thread_fn+0x493/0x980 [ 688.645647][ C1] kthread+0x4b5/0x4f0 [ 688.645647][ C1] ? cpu_report_death+0x180/0x180 [ 688.645647][ C1] ? kthread_blkcg+0xf0/0xf0 [ 688.645647][ C1] ret_from_fork+0x35/0x40 [ 688.645647][ C1] Uninit was stored to memory at: [ 688.645647][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.645647][ C1] __msan_chain_origin+0x50/0x90 [ 688.645647][ C1] __skb_clone+0x939/0x970 [ 688.645647][ C1] skb_clone+0x404/0x5d0 [ 688.645647][ C1] br_flood+0xa8e/0xf90 [ 688.645647][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.645647][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.645647][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.645647][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.645647][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.645647][ C1] br_handle_frame+0xcd2/0x2050 [ 688.645647][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.645647][ C1] process_backlog+0x936/0x1410 [ 688.645647][ C1] net_rx_action+0x786/0x1aa0 [ 688.645647][ C1] __do_softirq+0x311/0x83d [ 688.645647][ C1] [ 688.645647][ C1] Uninit was stored to memory at: [ 688.645647][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] __skb_clone+0x939/0x970 [ 688.863976][ C1] skb_clone+0x404/0x5d0 [ 688.863976][ C1] br_flood+0xa8e/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was stored to memory at: [ 688.863976][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] __skb_clone+0x939/0x970 [ 688.863976][ C1] skb_clone+0x404/0x5d0 [ 688.863976][ C1] br_flood+0xa8e/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was stored to memory at: [ 688.863976][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] __skb_clone+0x939/0x970 [ 688.863976][ C1] skb_clone+0x404/0x5d0 [ 688.863976][ C1] br_flood+0xa8e/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was stored to memory at: [ 688.863976][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] __skb_clone+0x939/0x970 [ 688.863976][ C1] skb_clone+0x404/0x5d0 [ 688.863976][ C1] br_flood+0xa8e/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was stored to memory at: [ 688.863976][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] __skb_clone+0x863/0x970 [ 688.863976][ C1] skb_clone+0x404/0x5d0 [ 688.863976][ C1] br_flood+0xd14/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was stored to memory at: [ 688.863976][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 688.863976][ C1] __msan_chain_origin+0x50/0x90 [ 688.863976][ C1] skb_clone+0x486/0x5d0 [ 688.863976][ C1] br_flood+0xd14/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 688.863976][ C1] [ 688.863976][ C1] Uninit was created at: [ 688.863976][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 688.863976][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 688.863976][ C1] kmem_cache_alloc+0x711/0xd70 [ 688.863976][ C1] skb_clone+0x328/0x5d0 [ 688.863976][ C1] br_flood+0xd14/0xf90 [ 688.863976][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 688.863976][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 688.863976][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 688.863976][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 688.863976][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 688.863976][ C1] br_handle_frame+0xcd2/0x2050 [ 688.863976][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 688.863976][ C1] process_backlog+0x936/0x1410 [ 688.863976][ C1] net_rx_action+0x786/0x1aa0 [ 688.863976][ C1] __do_softirq+0x311/0x83d [ 694.314837][ C1] not chained 410000 origins [ 694.318880][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 694.318880][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.318880][ C1] Call Trace: [ 694.318880][ C1] dump_stack+0x1c9/0x220 [ 694.318880][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 694.318880][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 694.318880][ C1] ? __msan_chain_origin+0x50/0x90 [ 694.318880][ C1] ? __skb_clone+0x863/0x970 [ 694.366584][ C1] ? skb_clone+0x404/0x5d0 [ 694.366584][ C1] ? br_flood+0xa8e/0xf90 [ 694.366584][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 694.366584][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 694.366584][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.366584][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.366584][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 694.366584][ C1] ? br_handle_frame+0xcd2/0x2050 [ 694.366584][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 694.366584][ C1] ? process_backlog+0x936/0x1410 [ 694.366584][ C1] ? net_rx_action+0x786/0x1aa0 [ 694.366584][ C1] ? __do_softirq+0x311/0x83d [ 694.366584][ C1] ? run_ksoftirqd+0x25/0x40 [ 694.366584][ C1] ? smpboot_thread_fn+0x493/0x980 [ 694.366584][ C1] ? kthread+0x4b5/0x4f0 [ 694.366584][ C1] ? ret_from_fork+0x35/0x40 [ 694.366584][ C1] ? __msan_chain_origin+0x50/0x90 [ 694.366584][ C1] ? skb_clone+0x486/0x5d0 [ 694.366584][ C1] ? br_flood+0xa8e/0xf90 [ 694.366584][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 694.366584][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 694.366584][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.366584][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.366584][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 694.366584][ C1] ? br_handle_frame+0xcd2/0x2050 [ 694.366584][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 694.366584][ C1] ? process_backlog+0x936/0x1410 [ 694.366584][ C1] ? net_rx_action+0x786/0x1aa0 [ 694.366584][ C1] ? __do_softirq+0x311/0x83d [ 694.366584][ C1] ? run_ksoftirqd+0x25/0x40 [ 694.366584][ C1] ? smpboot_thread_fn+0x493/0x980 [ 694.366584][ C1] ? kthread+0x4b5/0x4f0 [ 694.366584][ C1] ? ret_from_fork+0x35/0x40 [ 694.366584][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 694.366584][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 694.366584][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 694.366584][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 694.366584][ C1] __msan_chain_origin+0x50/0x90 [ 694.366584][ C1] __skb_clone+0x939/0x970 [ 694.366584][ C1] skb_clone+0x404/0x5d0 [ 694.366584][ C1] br_flood+0xa8e/0xf90 [ 694.366584][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 694.366584][ C1] ? brport_get_ownership+0xf0/0xf0 [ 694.366584][ C1] ? brport_get_ownership+0xf0/0xf0 [ 694.366584][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 694.366584][ C1] ? brport_get_ownership+0xf0/0xf0 [ 694.366584][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.366584][ C1] ? brport_get_ownership+0xf0/0xf0 [ 694.366584][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.366584][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 694.366584][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 694.366584][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 694.366584][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 694.366584][ C1] br_handle_frame+0xcd2/0x2050 [ 694.366584][ C1] ? brport_get_ownership+0xf0/0xf0 [ 694.366584][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 694.366584][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 694.366584][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 694.366584][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 694.366584][ C1] process_backlog+0x936/0x1410 [ 694.366584][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 694.366584][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 694.366584][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 694.366584][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 694.366584][ C1] net_rx_action+0x786/0x1aa0 [ 694.366584][ C1] ? net_tx_action+0xc30/0xc30 [ 694.366584][ C1] __do_softirq+0x311/0x83d [ 694.366584][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 694.366584][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 694.366584][ C1] run_ksoftirqd+0x25/0x40 [ 694.366584][ C1] smpboot_thread_fn+0x493/0x980 [ 694.366584][ C1] kthread+0x4b5/0x4f0 [ 694.366584][ C1] ? cpu_report_death+0x180/0x180 [ 694.366584][ C1] ? kthread_blkcg+0xf0/0xf0 [ 694.366584][ C1] ret_from_fork+0x35/0x40 [ 694.366584][ C1] Uninit was stored to memory at: [ 694.752077][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 694.752077][ C1] __msan_chain_origin+0x50/0x90 [ 694.752077][ C1] __skb_clone+0x939/0x970 [ 694.752077][ C1] skb_clone+0x404/0x5d0 [ 694.752077][ C1] br_flood+0xa8e/0xf90 [ 694.752077][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 694.752077][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 694.752077][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.752077][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.752077][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 694.752077][ C1] br_handle_frame+0xcd2/0x2050 [ 694.752077][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 694.752077][ C1] process_backlog+0x936/0x1410 [ 694.752077][ C1] net_rx_action+0x786/0x1aa0 [ 694.752077][ C1] __do_softirq+0x311/0x83d [ 694.752077][ C1] [ 694.752077][ C1] Uninit was stored to memory at: [ 694.752077][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 694.752077][ C1] __msan_chain_origin+0x50/0x90 [ 694.752077][ C1] __skb_clone+0x939/0x970 [ 694.752077][ C1] skb_clone+0x404/0x5d0 [ 694.752077][ C1] br_flood+0xa8e/0xf90 [ 694.752077][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 694.752077][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 694.752077][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.752077][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.752077][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 694.752077][ C1] br_handle_frame+0xcd2/0x2050 [ 694.752077][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 694.752077][ C1] process_backlog+0x936/0x1410 [ 694.752077][ C1] net_rx_action+0x786/0x1aa0 [ 694.752077][ C1] __do_softirq+0x311/0x83d [ 694.752077][ C1] [ 694.752077][ C1] Uninit was stored to memory at: [ 694.752077][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 694.752077][ C1] __msan_chain_origin+0x50/0x90 [ 694.752077][ C1] __skb_clone+0x939/0x970 [ 694.752077][ C1] skb_clone+0x404/0x5d0 [ 694.752077][ C1] br_flood+0xa8e/0xf90 [ 694.752077][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 694.752077][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 694.752077][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.752077][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.752077][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 694.752077][ C1] br_handle_frame+0xcd2/0x2050 [ 694.752077][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 694.752077][ C1] process_backlog+0x936/0x1410 [ 694.752077][ C1] net_rx_action+0x786/0x1aa0 [ 694.752077][ C1] __do_softirq+0x311/0x83d [ 694.752077][ C1] [ 694.752077][ C1] Uninit was stored to memory at: [ 694.752077][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 694.752077][ C1] __msan_chain_origin+0x50/0x90 [ 694.752077][ C1] __skb_clone+0x939/0x970 [ 694.752077][ C1] skb_clone+0x404/0x5d0 [ 694.752077][ C1] br_flood+0xa8e/0xf90 [ 694.752077][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 694.752077][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 694.752077][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 694.752077][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 694.752077][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 694.752077][ C1] br_handle_frame+0xcd2/0x2050 [ 694.752077][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 694.752077][ C1] process_backlog+0x936/0x1410 [ 694.752077][ C1] net_rx_action+0x786/0x1aa0 [ 694.752077][ C1] __do_softirq+0x311/0x83d [ 694.752077][ C1] [ 694.752077][ C1] Uninit was stored to memory at: [ 694.752077][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 694.752077][ C1] __msan_chain_origin+0x50/0x90 [ 694.752077][ C1] __skb_clone+0x939/0x970 [ 694.752077][ C1] skb_clone+0x404/0x5d0 [ 694.752077][ C1] br_flood+0xa8e/0xf90 [ 694.752077][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 695.111722][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 695.111722][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 695.111722][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 695.111722][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 695.111722][ C1] br_handle_frame+0xcd2/0x2050 [ 695.111722][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 695.111722][ C1] process_backlog+0x936/0x1410 [ 695.111722][ C1] net_rx_action+0x786/0x1aa0 [ 695.111722][ C1] __do_softirq+0x311/0x83d [ 695.111722][ C1] [ 695.111722][ C1] Uninit was stored to memory at: [ 695.111722][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 695.111722][ C1] __msan_chain_origin+0x50/0x90 [ 695.111722][ C1] __skb_clone+0x863/0x970 [ 695.111722][ C1] skb_clone+0x404/0x5d0 [ 695.111722][ C1] br_flood+0xa8e/0xf90 [ 695.111722][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 695.111722][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 695.111722][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 695.111722][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 695.111722][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 695.111722][ C1] br_handle_frame+0xcd2/0x2050 [ 695.111722][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 695.111722][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 695.111722][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 695.111722][ C1] napi_complete_done+0x2ef/0xb60 [ 695.111722][ C1] gro_cell_poll+0x3a9/0x400 [ 695.111722][ C1] net_rx_action+0x786/0x1aa0 [ 695.111722][ C1] __do_softirq+0x311/0x83d [ 695.111722][ C1] [ 695.111722][ C1] Uninit was stored to memory at: [ 695.111722][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 695.111722][ C1] __msan_chain_origin+0x50/0x90 [ 695.111722][ C1] skb_clone+0x486/0x5d0 [ 695.111722][ C1] br_flood+0xa8e/0xf90 [ 695.111722][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 695.111722][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 695.111722][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 695.111722][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 695.111722][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 695.111722][ C1] br_handle_frame+0xcd2/0x2050 [ 695.111722][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 695.111722][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 695.111722][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 695.111722][ C1] napi_complete_done+0x2ef/0xb60 [ 695.111722][ C1] gro_cell_poll+0x3a9/0x400 [ 695.111722][ C1] net_rx_action+0x786/0x1aa0 [ 695.111722][ C1] __do_softirq+0x311/0x83d [ 695.111722][ C1] [ 695.111722][ C1] Uninit was created at: [ 695.111722][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 695.111722][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 695.111722][ C1] kmem_cache_alloc+0x711/0xd70 [ 695.111722][ C1] skb_clone+0x328/0x5d0 [ 695.111722][ C1] br_flood+0xa8e/0xf90 [ 695.111722][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 695.111722][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 695.111722][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 695.111722][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 695.111722][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 695.111722][ C1] br_handle_frame+0xcd2/0x2050 [ 695.111722][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 695.111722][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 695.111722][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 695.111722][ C1] napi_complete_done+0x2ef/0xb60 [ 695.111722][ C1] gro_cell_poll+0x3a9/0x400 [ 695.111722][ C1] net_rx_action+0x786/0x1aa0 [ 695.111722][ C1] __do_softirq+0x311/0x83d 00:13:02 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, 0x0, 0x0) 00:13:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 00:13:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:13:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={0x0, 0x8000}, 0x8) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r5, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:13:02 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 696.271954][T13707] binder: 13693:13707 ioctl c0306201 20000540 returned -14 [ 696.425980][T13711] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 696.469200][T13711] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:13:02 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, 0x0, 0x0) 00:13:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:13:03 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, 0x0, 0x0) 00:13:03 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:13:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 697.402663][T13740] binder: 13734:13740 ioctl c0306201 20000540 returned -14 [ 702.091776][ C0] not chained 420000 origins [ 702.096420][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 702.098855][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.098855][ C0] Call Trace: [ 702.098855][ C0] dump_stack+0x1c9/0x220 [ 702.098855][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 702.098855][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] ? __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] ? __skb_clone+0x863/0x970 [ 702.098855][ C0] ? skb_clone+0x404/0x5d0 [ 702.098855][ C0] ? br_flood+0xa8e/0xf90 [ 702.098855][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] ? br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] ? process_backlog+0x936/0x1410 [ 702.098855][ C0] ? net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] ? __do_softirq+0x311/0x83d [ 702.098855][ C0] ? run_ksoftirqd+0x25/0x40 [ 702.098855][ C0] ? smpboot_thread_fn+0x493/0x980 [ 702.098855][ C0] ? kthread+0x4b5/0x4f0 [ 702.098855][ C0] ? ret_from_fork+0x35/0x40 [ 702.098855][ C0] ? __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] ? skb_clone+0x486/0x5d0 [ 702.098855][ C0] ? br_flood+0xa8e/0xf90 [ 702.098855][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] ? br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] ? process_backlog+0x936/0x1410 [ 702.098855][ C0] ? net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] ? __do_softirq+0x311/0x83d [ 702.098855][ C0] ? run_ksoftirqd+0x25/0x40 [ 702.098855][ C0] ? smpboot_thread_fn+0x493/0x980 [ 702.098855][ C0] ? kthread+0x4b5/0x4f0 [ 702.098855][ C0] ? ret_from_fork+0x35/0x40 [ 702.098855][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 702.098855][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 702.098855][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 702.098855][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] ? brport_get_ownership+0xf0/0xf0 [ 702.098855][ C0] ? brport_get_ownership+0xf0/0xf0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] ? brport_get_ownership+0xf0/0xf0 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] ? brport_get_ownership+0xf0/0xf0 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 702.098855][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] ? brport_get_ownership+0xf0/0xf0 [ 702.098855][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 702.098855][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 702.098855][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 702.098855][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] ? net_tx_action+0xc30/0xc30 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 702.098855][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 702.098855][ C0] run_ksoftirqd+0x25/0x40 [ 702.098855][ C0] smpboot_thread_fn+0x493/0x980 [ 702.098855][ C0] kthread+0x4b5/0x4f0 [ 702.098855][ C0] ? cpu_report_death+0x180/0x180 [ 702.098855][ C0] ? kthread_blkcg+0xf0/0xf0 [ 702.098855][ C0] ret_from_fork+0x35/0x40 [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x939/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] __skb_clone+0x863/0x970 [ 702.098855][ C0] skb_clone+0x404/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was stored to memory at: [ 702.098855][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 702.098855][ C0] __msan_chain_origin+0x50/0x90 [ 702.098855][ C0] skb_clone+0x486/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 702.098855][ C0] [ 702.098855][ C0] Uninit was created at: [ 702.098855][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 702.098855][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 702.098855][ C0] kmem_cache_alloc+0x711/0xd70 [ 702.098855][ C0] skb_clone+0x328/0x5d0 [ 702.098855][ C0] br_flood+0xa8e/0xf90 [ 702.098855][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 702.098855][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 702.098855][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 702.098855][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 702.098855][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 702.098855][ C0] br_handle_frame+0xcd2/0x2050 [ 702.098855][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 702.098855][ C0] process_backlog+0x936/0x1410 [ 702.098855][ C0] net_rx_action+0x786/0x1aa0 [ 702.098855][ C0] __do_softirq+0x311/0x83d [ 708.265127][ C1] not chained 430000 origins [ 708.268852][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 708.268852][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.268852][ C1] Call Trace: [ 708.268852][ C1] dump_stack+0x1c9/0x220 [ 708.268852][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 708.268852][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 708.268852][ C1] ? __msan_chain_origin+0x50/0x90 [ 708.268852][ C1] ? __skb_clone+0x863/0x970 [ 708.268852][ C1] ? skb_clone+0x404/0x5d0 [ 708.268852][ C1] ? br_flood+0xa8e/0xf90 [ 708.268852][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 708.268852][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 708.268852][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.268852][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.268852][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 708.268852][ C1] ? br_handle_frame+0xcd2/0x2050 [ 708.268852][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 708.268852][ C1] ? process_backlog+0x936/0x1410 [ 708.268852][ C1] ? net_rx_action+0x786/0x1aa0 [ 708.268852][ C1] ? __do_softirq+0x311/0x83d [ 708.268852][ C1] ? run_ksoftirqd+0x25/0x40 [ 708.268852][ C1] ? smpboot_thread_fn+0x493/0x980 [ 708.268852][ C1] ? kthread+0x4b5/0x4f0 [ 708.268852][ C1] ? ret_from_fork+0x35/0x40 [ 708.268852][ C1] ? __msan_chain_origin+0x50/0x90 [ 708.268852][ C1] ? skb_clone+0x486/0x5d0 [ 708.268852][ C1] ? br_flood+0xa8e/0xf90 [ 708.268852][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 708.268852][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 708.268852][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.268852][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.268852][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 708.268852][ C1] ? br_handle_frame+0xcd2/0x2050 [ 708.268852][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 708.268852][ C1] ? process_backlog+0x936/0x1410 [ 708.268852][ C1] ? net_rx_action+0x786/0x1aa0 [ 708.268852][ C1] ? __do_softirq+0x311/0x83d [ 708.268852][ C1] ? run_ksoftirqd+0x25/0x40 [ 708.268852][ C1] ? smpboot_thread_fn+0x493/0x980 [ 708.268852][ C1] ? kthread+0x4b5/0x4f0 [ 708.268852][ C1] ? ret_from_fork+0x35/0x40 [ 708.268852][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 708.268852][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 708.268852][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 708.268852][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 708.268852][ C1] __msan_chain_origin+0x50/0x90 [ 708.268852][ C1] __skb_clone+0x939/0x970 [ 708.520180][ C1] skb_clone+0x404/0x5d0 [ 708.520180][ C1] br_flood+0xa8e/0xf90 [ 708.520180][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.520180][ C1] ? brport_get_ownership+0xf0/0xf0 [ 708.520180][ C1] ? brport_get_ownership+0xf0/0xf0 [ 708.520180][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.520180][ C1] ? brport_get_ownership+0xf0/0xf0 [ 708.520180][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.520180][ C1] ? brport_get_ownership+0xf0/0xf0 [ 708.520180][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.520180][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 708.520180][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.520180][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 708.520180][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 708.520180][ C1] br_handle_frame+0xcd2/0x2050 [ 708.520180][ C1] ? brport_get_ownership+0xf0/0xf0 [ 708.520180][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 708.520180][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.520180][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 708.520180][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 708.520180][ C1] process_backlog+0x936/0x1410 [ 708.520180][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 708.520180][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 708.520180][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 708.520180][ C1] net_rx_action+0x786/0x1aa0 [ 708.520180][ C1] ? net_tx_action+0xc30/0xc30 [ 708.520180][ C1] __do_softirq+0x311/0x83d [ 708.520180][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 708.520180][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 708.520180][ C1] run_ksoftirqd+0x25/0x40 [ 708.520180][ C1] smpboot_thread_fn+0x493/0x980 [ 708.520180][ C1] kthread+0x4b5/0x4f0 [ 708.520180][ C1] ? cpu_report_death+0x180/0x180 [ 708.520180][ C1] ? kthread_blkcg+0xf0/0xf0 [ 708.520180][ C1] ret_from_fork+0x35/0x40 [ 708.520180][ C1] Uninit was stored to memory at: [ 708.520180][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.520180][ C1] __msan_chain_origin+0x50/0x90 [ 708.520180][ C1] __skb_clone+0x939/0x970 [ 708.520180][ C1] skb_clone+0x404/0x5d0 [ 708.520180][ C1] br_flood+0xa8e/0xf90 [ 708.520180][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.520180][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.520180][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.520180][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.520180][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.520180][ C1] br_handle_frame+0xcd2/0x2050 [ 708.520180][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.520180][ C1] process_backlog+0x936/0x1410 [ 708.520180][ C1] net_rx_action+0x786/0x1aa0 [ 708.520180][ C1] __do_softirq+0x311/0x83d [ 708.520180][ C1] [ 708.520180][ C1] Uninit was stored to memory at: [ 708.520180][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.520180][ C1] __msan_chain_origin+0x50/0x90 [ 708.520180][ C1] __skb_clone+0x939/0x970 [ 708.520180][ C1] skb_clone+0x404/0x5d0 [ 708.520180][ C1] br_flood+0xa8e/0xf90 [ 708.520180][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.520180][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.520180][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.520180][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.520180][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.520180][ C1] br_handle_frame+0xcd2/0x2050 [ 708.520180][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.520180][ C1] process_backlog+0x936/0x1410 [ 708.520180][ C1] net_rx_action+0x786/0x1aa0 [ 708.520180][ C1] __do_softirq+0x311/0x83d [ 708.520180][ C1] [ 708.520180][ C1] Uninit was stored to memory at: [ 708.875289][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.875289][ C1] __msan_chain_origin+0x50/0x90 [ 708.875289][ C1] __skb_clone+0x939/0x970 [ 708.875289][ C1] skb_clone+0x404/0x5d0 [ 708.875289][ C1] br_flood+0xa8e/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 708.875289][ C1] [ 708.875289][ C1] Uninit was stored to memory at: [ 708.875289][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.875289][ C1] __msan_chain_origin+0x50/0x90 [ 708.875289][ C1] __skb_clone+0x939/0x970 [ 708.875289][ C1] skb_clone+0x404/0x5d0 [ 708.875289][ C1] br_flood+0xa8e/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 708.875289][ C1] [ 708.875289][ C1] Uninit was stored to memory at: [ 708.875289][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.875289][ C1] __msan_chain_origin+0x50/0x90 [ 708.875289][ C1] __skb_clone+0x939/0x970 [ 708.875289][ C1] skb_clone+0x404/0x5d0 [ 708.875289][ C1] br_flood+0xa8e/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 708.875289][ C1] [ 708.875289][ C1] Uninit was stored to memory at: [ 708.875289][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.875289][ C1] __msan_chain_origin+0x50/0x90 [ 708.875289][ C1] __skb_clone+0x863/0x970 [ 708.875289][ C1] skb_clone+0x404/0x5d0 [ 708.875289][ C1] br_flood+0xd14/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 708.875289][ C1] [ 708.875289][ C1] Uninit was stored to memory at: [ 708.875289][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 708.875289][ C1] __msan_chain_origin+0x50/0x90 [ 708.875289][ C1] skb_clone+0x486/0x5d0 [ 708.875289][ C1] br_flood+0xd14/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 708.875289][ C1] [ 708.875289][ C1] Uninit was created at: [ 708.875289][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 708.875289][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 708.875289][ C1] kmem_cache_alloc+0x711/0xd70 [ 708.875289][ C1] skb_clone+0x328/0x5d0 [ 708.875289][ C1] br_flood+0xd14/0xf90 [ 708.875289][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 708.875289][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 708.875289][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 708.875289][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 708.875289][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 708.875289][ C1] br_handle_frame+0xcd2/0x2050 [ 708.875289][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 708.875289][ C1] process_backlog+0x936/0x1410 [ 708.875289][ C1] net_rx_action+0x786/0x1aa0 [ 708.875289][ C1] __do_softirq+0x311/0x83d [ 714.251932][ C0] not chained 440000 origins [ 714.256591][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 714.258875][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.258875][ C0] Call Trace: [ 714.258875][ C0] dump_stack+0x1c9/0x220 [ 714.258875][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 714.258875][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] ? __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] ? __skb_clone+0x863/0x970 [ 714.258875][ C0] ? skb_clone+0x404/0x5d0 [ 714.258875][ C0] ? br_flood+0xd14/0xf90 [ 714.258875][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] ? br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] ? process_backlog+0x936/0x1410 [ 714.258875][ C0] ? net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] ? __do_softirq+0x311/0x83d [ 714.258875][ C0] ? run_ksoftirqd+0x25/0x40 [ 714.258875][ C0] ? smpboot_thread_fn+0x493/0x980 [ 714.258875][ C0] ? kthread+0x4b5/0x4f0 [ 714.258875][ C0] ? ret_from_fork+0x35/0x40 [ 714.258875][ C0] ? __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] ? skb_clone+0x486/0x5d0 [ 714.258875][ C0] ? br_flood+0xd14/0xf90 [ 714.258875][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] ? br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] ? process_backlog+0x936/0x1410 [ 714.258875][ C0] ? net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] ? __do_softirq+0x311/0x83d [ 714.258875][ C0] ? run_ksoftirqd+0x25/0x40 [ 714.258875][ C0] ? smpboot_thread_fn+0x493/0x980 [ 714.258875][ C0] ? kthread+0x4b5/0x4f0 [ 714.258875][ C0] ? ret_from_fork+0x35/0x40 [ 714.258875][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 714.258875][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 714.258875][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 714.258875][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xd14/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] ? brport_get_ownership+0xf0/0xf0 [ 714.258875][ C0] ? brport_get_ownership+0xf0/0xf0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] ? brport_get_ownership+0xf0/0xf0 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] ? brport_get_ownership+0xf0/0xf0 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 714.258875][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] ? brport_get_ownership+0xf0/0xf0 [ 714.258875][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 714.258875][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 714.258875][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 714.258875][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] ? net_tx_action+0xc30/0xc30 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 714.258875][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 714.258875][ C0] run_ksoftirqd+0x25/0x40 [ 714.258875][ C0] smpboot_thread_fn+0x493/0x980 [ 714.258875][ C0] kthread+0x4b5/0x4f0 [ 714.258875][ C0] ? cpu_report_death+0x180/0x180 [ 714.258875][ C0] ? kthread_blkcg+0xf0/0xf0 [ 714.258875][ C0] ret_from_fork+0x35/0x40 [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xa8e/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xa8e/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xa8e/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xa8e/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x939/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xa8e/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] __skb_clone+0x863/0x970 [ 714.258875][ C0] skb_clone+0x404/0x5d0 [ 714.258875][ C0] br_flood+0xd14/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was stored to memory at: [ 714.258875][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 714.258875][ C0] __msan_chain_origin+0x50/0x90 [ 714.258875][ C0] skb_clone+0x486/0x5d0 [ 714.258875][ C0] br_flood+0xd14/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 714.258875][ C0] [ 714.258875][ C0] Uninit was created at: [ 714.258875][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 714.258875][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 714.258875][ C0] kmem_cache_alloc+0x711/0xd70 [ 714.258875][ C0] skb_clone+0x328/0x5d0 [ 714.258875][ C0] br_flood+0xd14/0xf90 [ 714.258875][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 714.258875][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 714.258875][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 714.258875][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 714.258875][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 714.258875][ C0] br_handle_frame+0xcd2/0x2050 [ 714.258875][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 714.258875][ C0] process_backlog+0x936/0x1410 [ 714.258875][ C0] net_rx_action+0x786/0x1aa0 [ 714.258875][ C0] __do_softirq+0x311/0x83d [ 719.993143][T13759] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 720.006860][T13760] binder: 13756:13760 ioctl c0306201 0 returned -14 [ 720.019427][T13760] binder: 13756:13760 ioctl c0306201 20000540 returned -14 [ 720.054503][T13770] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:13:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000580db00", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 00:13:26 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:13:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:13:26 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x2c) sendto$inet6(r0, &(0x7f00000000c0)='#', 0x1, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) 00:13:26 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 720.905425][ C0] not chained 450000 origins [ 720.908865][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 720.908865][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.908865][ C0] Call Trace: [ 720.908865][ C0] dump_stack+0x1c9/0x220 [ 720.908865][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 720.908865][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] ? __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] ? __skb_clone+0x863/0x970 [ 720.908865][ C0] ? skb_clone+0x404/0x5d0 [ 720.908865][ C0] ? br_flood+0xa8e/0xf90 [ 720.908865][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] ? br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] ? napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] ? gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] ? net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] ? __do_softirq+0x311/0x83d [ 720.908865][ C0] ? run_ksoftirqd+0x25/0x40 [ 720.908865][ C0] ? smpboot_thread_fn+0x493/0x980 [ 720.908865][ C0] ? kthread+0x4b5/0x4f0 [ 720.908865][ C0] ? ret_from_fork+0x35/0x40 [ 720.908865][ C0] ? skb_clone+0x486/0x5d0 [ 720.908865][ C0] ? br_flood+0xa8e/0xf90 [ 720.908865][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] ? br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] ? napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] ? gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] ? net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] ? __do_softirq+0x311/0x83d [ 720.908865][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x939/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] ? brport_get_ownership+0xf0/0xf0 [ 720.908865][ C0] ? brport_get_ownership+0xf0/0xf0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] ? brport_get_ownership+0xf0/0xf0 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] ? brport_get_ownership+0xf0/0xf0 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] ? brport_get_ownership+0xf0/0xf0 [ 720.908865][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] ? ipv6_gro_receive+0x25e2/0x2960 [ 720.908865][ C0] ? ip_rcv_finish+0x400/0x400 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 720.908865][ C0] napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] ? gro_cells_init+0x510/0x510 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] ? net_tx_action+0xc30/0xc30 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 720.908865][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 720.908865][ C0] run_ksoftirqd+0x25/0x40 [ 720.908865][ C0] smpboot_thread_fn+0x493/0x980 [ 720.908865][ C0] kthread+0x4b5/0x4f0 [ 720.908865][ C0] ? cpu_report_death+0x180/0x180 [ 720.908865][ C0] ? kthread_blkcg+0xf0/0xf0 [ 720.908865][ C0] ret_from_fork+0x35/0x40 [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x939/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x939/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x939/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x939/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 720.908865][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 720.908865][ C0] napi_gro_receive+0xae7/0xf90 [ 720.908865][ C0] gro_cell_poll+0x24c/0x400 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] pskb_expand_head+0x1750/0x1b00 [ 720.908865][ C0] geneve_build_skb+0x4c0/0xe00 [ 720.908865][ C0] geneve_xmit+0x25a3/0x2c20 [ 720.908865][ C0] dev_hard_start_xmit+0x531/0xab0 [ 720.908865][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 720.908865][ C0] dev_queue_xmit+0x4b/0x60 [ 720.908865][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 720.908865][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 720.908865][ C0] br_nf_post_routing+0x152e/0x17e0 [ 720.908865][ C0] nf_hook_slow+0x16e/0x400 [ 720.908865][ C0] br_forward_finish+0x24a/0x3f0 [ 720.908865][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 720.908865][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 720.908865][ C0] nf_hook_slow+0x16e/0x400 [ 720.908865][ C0] __br_forward+0x75c/0xe30 [ 720.908865][ C0] br_flood+0xb0b/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] process_backlog+0x936/0x1410 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] __skb_clone+0x863/0x970 [ 720.908865][ C0] skb_clone+0x404/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] process_backlog+0x936/0x1410 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was stored to memory at: [ 720.908865][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 720.908865][ C0] __msan_chain_origin+0x50/0x90 [ 720.908865][ C0] skb_clone+0x486/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] process_backlog+0x936/0x1410 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d [ 720.908865][ C0] [ 720.908865][ C0] Uninit was created at: [ 720.908865][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 720.908865][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 720.908865][ C0] kmem_cache_alloc+0x711/0xd70 [ 720.908865][ C0] skb_clone+0x328/0x5d0 [ 720.908865][ C0] br_flood+0xa8e/0xf90 [ 720.908865][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 720.908865][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 720.908865][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 720.908865][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 720.908865][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 720.908865][ C0] br_handle_frame+0xcd2/0x2050 [ 720.908865][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 720.908865][ C0] process_backlog+0x936/0x1410 [ 720.908865][ C0] net_rx_action+0x786/0x1aa0 [ 720.908865][ C0] __do_softirq+0x311/0x83d 00:13:28 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7}}) close(r0) write$tun(0xffffffffffffffff, 0x0, 0x0) 00:13:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 722.689954][T13807] binder: 13804:13807 ioctl c0306201 0 returned -14 [ 722.730503][T13807] binder: 13804:13807 ioctl c0306201 20000540 returned -14 00:13:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 729.143643][ C0] not chained 460000 origins [ 729.148816][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 729.148912][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.148912][ C0] Call Trace: [ 729.148912][ C0] dump_stack+0x1c9/0x220 [ 729.148912][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 729.148912][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 729.148912][ C0] ? __msan_chain_origin+0x50/0x90 [ 729.148912][ C0] ? __skb_clone+0x863/0x970 [ 729.148912][ C0] ? skb_clone+0x404/0x5d0 [ 729.148912][ C0] ? br_flood+0xd14/0xf90 [ 729.148912][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 729.148912][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 729.148912][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.148912][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.148912][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 729.148912][ C0] ? br_handle_frame+0xcd2/0x2050 [ 729.148912][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 729.148912][ C0] ? process_backlog+0x936/0x1410 [ 729.148912][ C0] ? net_rx_action+0x786/0x1aa0 [ 729.148912][ C0] ? __do_softirq+0x311/0x83d [ 729.148912][ C0] ? run_ksoftirqd+0x25/0x40 [ 729.148912][ C0] ? smpboot_thread_fn+0x493/0x980 [ 729.148912][ C0] ? kthread+0x4b5/0x4f0 [ 729.148912][ C0] ? ret_from_fork+0x35/0x40 [ 729.148912][ C0] ? __msan_chain_origin+0x50/0x90 [ 729.148912][ C0] ? skb_clone+0x486/0x5d0 [ 729.148912][ C0] ? br_flood+0xd14/0xf90 [ 729.148912][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 729.148912][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 729.148912][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.148912][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.148912][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 729.148912][ C0] ? br_handle_frame+0xcd2/0x2050 [ 729.148912][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 729.148912][ C0] ? process_backlog+0x936/0x1410 [ 729.148912][ C0] ? net_rx_action+0x786/0x1aa0 [ 729.148912][ C0] ? __do_softirq+0x311/0x83d [ 729.148912][ C0] ? run_ksoftirqd+0x25/0x40 [ 729.148912][ C0] ? smpboot_thread_fn+0x493/0x980 [ 729.148912][ C0] ? kthread+0x4b5/0x4f0 [ 729.148912][ C0] ? ret_from_fork+0x35/0x40 [ 729.148912][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 729.148912][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 729.148912][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 729.148912][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 729.148912][ C0] __msan_chain_origin+0x50/0x90 [ 729.148912][ C0] __skb_clone+0x939/0x970 [ 729.148912][ C0] skb_clone+0x404/0x5d0 [ 729.148912][ C0] br_flood+0xd14/0xf90 [ 729.148912][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.148912][ C0] ? brport_get_ownership+0xf0/0xf0 [ 729.148912][ C0] ? brport_get_ownership+0xf0/0xf0 [ 729.148912][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.148912][ C0] ? brport_get_ownership+0xf0/0xf0 [ 729.148912][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.148912][ C0] ? brport_get_ownership+0xf0/0xf0 [ 729.148912][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.148912][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 729.148912][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.148912][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 729.148912][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 729.148912][ C0] br_handle_frame+0xcd2/0x2050 [ 729.148912][ C0] ? brport_get_ownership+0xf0/0xf0 [ 729.148912][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 729.148912][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 729.492114][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 729.492114][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] ? net_tx_action+0xc30/0xc30 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 729.492114][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 729.492114][ C0] run_ksoftirqd+0x25/0x40 [ 729.492114][ C0] smpboot_thread_fn+0x493/0x980 [ 729.492114][ C0] kthread+0x4b5/0x4f0 [ 729.492114][ C0] ? cpu_report_death+0x180/0x180 [ 729.492114][ C0] ? kthread_blkcg+0xf0/0xf0 [ 729.492114][ C0] ret_from_fork+0x35/0x40 [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x939/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xa8e/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x939/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xa8e/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x939/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xa8e/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x939/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xa8e/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x939/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xa8e/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] __skb_clone+0x863/0x970 [ 729.492114][ C0] skb_clone+0x404/0x5d0 [ 729.492114][ C0] br_flood+0xd14/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was stored to memory at: [ 729.492114][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 729.492114][ C0] __msan_chain_origin+0x50/0x90 [ 729.492114][ C0] skb_clone+0x486/0x5d0 [ 729.492114][ C0] br_flood+0xd14/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d [ 729.492114][ C0] [ 729.492114][ C0] Uninit was created at: [ 729.492114][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 729.492114][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 729.492114][ C0] kmem_cache_alloc+0x711/0xd70 [ 729.492114][ C0] skb_clone+0x328/0x5d0 [ 729.492114][ C0] br_flood+0xd14/0xf90 [ 729.492114][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 729.492114][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 729.492114][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 729.492114][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 729.492114][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 729.492114][ C0] br_handle_frame+0xcd2/0x2050 [ 729.492114][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 729.492114][ C0] process_backlog+0x936/0x1410 [ 729.492114][ C0] net_rx_action+0x786/0x1aa0 [ 729.492114][ C0] __do_softirq+0x311/0x83d 00:13:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:13:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:13:40 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 734.653354][T13857] binder: 13847:13857 ioctl c0306201 0 returned -14 [ 734.733780][T13858] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 00:13:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 734.783123][T13860] binder: 13847:13860 ioctl c0306201 20000540 returned -14 [ 734.817337][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:13:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:13:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 735.867580][ C1] not chained 470000 origins [ 735.868863][ C1] CPU: 1 PID: 12727 Comm: kworker/u4:0 Not tainted 5.6.0-rc7-syzkaller #0 [ 735.868863][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.868863][ C1] Workqueue: bat_events batadv_mcast_mla_update [ 735.868863][ C1] Call Trace: [ 735.868863][ C1] [ 735.868863][ C1] dump_stack+0x1c9/0x220 [ 735.907468][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 735.907468][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 735.907468][ C1] ? __msan_chain_origin+0x50/0x90 [ 735.907468][ C1] ? __skb_clone+0x863/0x970 [ 735.907468][ C1] ? skb_clone+0x404/0x5d0 [ 735.907468][ C1] ? br_flood+0xd14/0xf90 [ 735.907468][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 735.907468][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 735.907468][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.907468][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] ? br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] ? process_backlog+0x936/0x1410 [ 735.956759][ C1] ? net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] ? __do_softirq+0x311/0x83d [ 735.956759][ C1] ? do_softirq_own_stack+0x49/0x80 [ 735.956759][ C1] ? __local_bh_enable_ip+0x184/0x1d0 [ 735.956759][ C1] ? _raw_read_unlock_bh+0x5d/0x80 [ 735.956759][ C1] ? batadv_mcast_mla_update+0x25a2/0x5510 [ 735.956759][ C1] ? process_one_work+0x1555/0x1f40 [ 735.956759][ C1] ? worker_thread+0xef6/0x2450 [ 735.956759][ C1] ? kthread+0x4b5/0x4f0 [ 735.956759][ C1] ? ret_from_fork+0x35/0x40 [ 735.956759][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] ? br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] ? process_backlog+0x936/0x1410 [ 735.956759][ C1] ? net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] ? __do_softirq+0x311/0x83d [ 735.956759][ C1] ? do_softirq_own_stack+0x49/0x80 [ 735.956759][ C1] ? __local_bh_enable_ip+0x184/0x1d0 [ 735.956759][ C1] ? _raw_read_unlock_bh+0x5d/0x80 [ 735.956759][ C1] ? batadv_mcast_mla_update+0x25a2/0x5510 [ 735.956759][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xd14/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] ? brport_get_ownership+0xf0/0xf0 [ 735.956759][ C1] ? brport_get_ownership+0xf0/0xf0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] ? brport_get_ownership+0xf0/0xf0 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] ? brport_get_ownership+0xf0/0xf0 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] ? brport_get_ownership+0xf0/0xf0 [ 735.956759][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 735.956759][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] ? net_tx_action+0xc30/0xc30 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] do_softirq_own_stack+0x49/0x80 [ 735.956759][ C1] [ 735.956759][ C1] __local_bh_enable_ip+0x184/0x1d0 [ 735.956759][ C1] _raw_read_unlock_bh+0x5d/0x80 [ 735.956759][ C1] batadv_mcast_mla_update+0x25a2/0x5510 [ 735.956759][ C1] ? batadv_mcast_tvlv_ogm_handler+0x5f0/0x5f0 [ 735.956759][ C1] process_one_work+0x1555/0x1f40 [ 735.956759][ C1] worker_thread+0xef6/0x2450 [ 735.956759][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 735.956759][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 735.956759][ C1] kthread+0x4b5/0x4f0 [ 735.956759][ C1] ? process_one_work+0x1f40/0x1f40 [ 735.956759][ C1] ? kthread_blkcg+0xf0/0xf0 [ 735.956759][ C1] ret_from_fork+0x35/0x40 [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x939/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] process_backlog+0x936/0x1410 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] __skb_clone+0x863/0x970 [ 735.956759][ C1] skb_clone+0x404/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 735.956759][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 735.956759][ C1] napi_complete_done+0x2ef/0xb60 [ 735.956759][ C1] gro_cell_poll+0x3a9/0x400 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was stored to memory at: [ 735.956759][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 735.956759][ C1] __msan_chain_origin+0x50/0x90 [ 735.956759][ C1] skb_clone+0x486/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 735.956759][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 735.956759][ C1] napi_complete_done+0x2ef/0xb60 [ 735.956759][ C1] gro_cell_poll+0x3a9/0x400 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 735.956759][ C1] [ 735.956759][ C1] Uninit was created at: [ 735.956759][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 735.956759][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 735.956759][ C1] kmem_cache_alloc+0x711/0xd70 [ 735.956759][ C1] skb_clone+0x328/0x5d0 [ 735.956759][ C1] br_flood+0xa8e/0xf90 [ 735.956759][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 735.956759][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 735.956759][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 735.956759][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 735.956759][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 735.956759][ C1] br_handle_frame+0xcd2/0x2050 [ 735.956759][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 735.956759][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 735.956759][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 735.956759][ C1] napi_complete_done+0x2ef/0xb60 [ 735.956759][ C1] gro_cell_poll+0x3a9/0x400 [ 735.956759][ C1] net_rx_action+0x786/0x1aa0 [ 735.956759][ C1] __do_softirq+0x311/0x83d [ 737.349316][T13896] binder: 13890:13896 ioctl c0306201 20000280 returned -14 [ 737.366024][T13896] binder: 13890:13896 ioctl c0306201 20000540 returned -14 [ 742.695449][ C1] not chained 480000 origins [ 742.698836][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 742.698836][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.698836][ C1] Call Trace: [ 742.698836][ C1] dump_stack+0x1c9/0x220 [ 742.698836][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 742.698836][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] ? __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] ? __skb_clone+0x863/0x970 [ 742.698836][ C1] ? skb_clone+0x404/0x5d0 [ 742.698836][ C1] ? br_flood+0xa8e/0xf90 [ 742.698836][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] ? br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] ? process_backlog+0x936/0x1410 [ 742.698836][ C1] ? net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] ? __do_softirq+0x311/0x83d [ 742.698836][ C1] ? run_ksoftirqd+0x25/0x40 [ 742.698836][ C1] ? smpboot_thread_fn+0x493/0x980 [ 742.698836][ C1] ? kthread+0x4b5/0x4f0 [ 742.698836][ C1] ? ret_from_fork+0x35/0x40 [ 742.698836][ C1] ? __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] ? skb_clone+0x486/0x5d0 [ 742.698836][ C1] ? br_flood+0xa8e/0xf90 [ 742.698836][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] ? br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] ? process_backlog+0x936/0x1410 [ 742.698836][ C1] ? net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] ? __do_softirq+0x311/0x83d [ 742.698836][ C1] ? run_ksoftirqd+0x25/0x40 [ 742.698836][ C1] ? smpboot_thread_fn+0x493/0x980 [ 742.698836][ C1] ? kthread+0x4b5/0x4f0 [ 742.698836][ C1] ? ret_from_fork+0x35/0x40 [ 742.698836][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 742.698836][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 742.698836][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 742.698836][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] ? brport_get_ownership+0xf0/0xf0 [ 742.698836][ C1] ? brport_get_ownership+0xf0/0xf0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] ? brport_get_ownership+0xf0/0xf0 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] ? brport_get_ownership+0xf0/0xf0 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 742.698836][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] ? brport_get_ownership+0xf0/0xf0 [ 742.698836][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 742.698836][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 742.698836][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 742.698836][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] ? net_tx_action+0xc30/0xc30 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 742.698836][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 742.698836][ C1] run_ksoftirqd+0x25/0x40 [ 742.698836][ C1] smpboot_thread_fn+0x493/0x980 [ 742.698836][ C1] kthread+0x4b5/0x4f0 [ 742.698836][ C1] ? cpu_report_death+0x180/0x180 [ 742.698836][ C1] ? kthread_blkcg+0xf0/0xf0 [ 742.698836][ C1] ret_from_fork+0x35/0x40 [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x939/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xa8e/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] process_backlog+0x936/0x1410 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] __skb_clone+0x863/0x970 [ 742.698836][ C1] skb_clone+0x404/0x5d0 [ 742.698836][ C1] br_flood+0xd14/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 742.698836][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 742.698836][ C1] napi_gro_receive+0xae7/0xf90 [ 742.698836][ C1] gro_cell_poll+0x24c/0x400 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was stored to memory at: [ 742.698836][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 742.698836][ C1] __msan_chain_origin+0x50/0x90 [ 742.698836][ C1] skb_clone+0x486/0x5d0 [ 742.698836][ C1] br_flood+0xd14/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 742.698836][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 742.698836][ C1] napi_gro_receive+0xae7/0xf90 [ 742.698836][ C1] gro_cell_poll+0x24c/0x400 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 742.698836][ C1] [ 742.698836][ C1] Uninit was created at: [ 742.698836][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 742.698836][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 742.698836][ C1] kmem_cache_alloc+0x711/0xd70 [ 742.698836][ C1] skb_clone+0x328/0x5d0 [ 742.698836][ C1] br_flood+0xd14/0xf90 [ 742.698836][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 742.698836][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 742.698836][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 742.698836][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 742.698836][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 742.698836][ C1] br_handle_frame+0xcd2/0x2050 [ 742.698836][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 742.698836][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 742.698836][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 742.698836][ C1] napi_gro_receive+0xae7/0xf90 [ 742.698836][ C1] gro_cell_poll+0x24c/0x400 [ 742.698836][ C1] net_rx_action+0x786/0x1aa0 [ 742.698836][ C1] __do_softirq+0x311/0x83d [ 748.474004][ C1] not chained 490000 origins [ 748.478684][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 748.478859][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.478859][ C1] Call Trace: [ 748.478859][ C1] dump_stack+0x1c9/0x220 [ 748.478859][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 748.478859][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] ? __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] ? __skb_clone+0x863/0x970 [ 748.478859][ C1] ? skb_clone+0x404/0x5d0 [ 748.478859][ C1] ? br_flood+0xa8e/0xf90 [ 748.478859][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] ? br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] ? napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] ? gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] ? net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] ? __do_softirq+0x311/0x83d [ 748.478859][ C1] ? run_ksoftirqd+0x25/0x40 [ 748.478859][ C1] ? smpboot_thread_fn+0x493/0x980 [ 748.478859][ C1] ? kthread+0x4b5/0x4f0 [ 748.478859][ C1] ? ret_from_fork+0x35/0x40 [ 748.478859][ C1] ? skb_clone+0x486/0x5d0 [ 748.478859][ C1] ? br_flood+0xa8e/0xf90 [ 748.478859][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] ? br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] ? napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] ? gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] ? net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] ? __do_softirq+0x311/0x83d [ 748.478859][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x939/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] ? brport_get_ownership+0xf0/0xf0 [ 748.478859][ C1] ? brport_get_ownership+0xf0/0xf0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] ? brport_get_ownership+0xf0/0xf0 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] ? brport_get_ownership+0xf0/0xf0 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] ? brport_get_ownership+0xf0/0xf0 [ 748.478859][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] ? ipv6_gro_receive+0x25e2/0x2960 [ 748.478859][ C1] ? check_preempt_wakeup+0x167/0x15d0 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 748.478859][ C1] napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] ? gro_cells_init+0x510/0x510 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] ? net_tx_action+0xc30/0xc30 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 748.478859][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 748.478859][ C1] run_ksoftirqd+0x25/0x40 [ 748.478859][ C1] smpboot_thread_fn+0x493/0x980 [ 748.478859][ C1] kthread+0x4b5/0x4f0 [ 748.478859][ C1] ? cpu_report_death+0x180/0x180 [ 748.478859][ C1] ? kthread_blkcg+0xf0/0xf0 [ 748.478859][ C1] ret_from_fork+0x35/0x40 [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x939/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x939/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x939/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x939/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 748.478859][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 748.478859][ C1] napi_gro_receive+0xae7/0xf90 [ 748.478859][ C1] gro_cell_poll+0x24c/0x400 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] pskb_expand_head+0x1750/0x1b00 [ 748.478859][ C1] geneve_build_skb+0x4c0/0xe00 [ 748.478859][ C1] geneve_xmit+0x25a3/0x2c20 [ 748.478859][ C1] dev_hard_start_xmit+0x531/0xab0 [ 748.478859][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 748.478859][ C1] dev_queue_xmit+0x4b/0x60 [ 748.478859][ C1] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 748.478859][ C1] br_nf_dev_queue_xmit+0x693/0x1910 [ 748.478859][ C1] br_nf_post_routing+0x152e/0x17e0 [ 748.478859][ C1] nf_hook_slow+0x16e/0x400 [ 748.478859][ C1] br_forward_finish+0x24a/0x3f0 [ 748.478859][ C1] br_nf_forward_finish+0xf47/0x11a0 [ 748.478859][ C1] br_nf_forward_ip+0x1d4e/0x1f30 [ 748.478859][ C1] nf_hook_slow+0x16e/0x400 [ 748.478859][ C1] __br_forward+0x75c/0xe30 [ 748.478859][ C1] br_flood+0xb0b/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] process_backlog+0x936/0x1410 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] __skb_clone+0x863/0x970 [ 748.478859][ C1] skb_clone+0x404/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] process_backlog+0x936/0x1410 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was stored to memory at: [ 748.478859][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 748.478859][ C1] __msan_chain_origin+0x50/0x90 [ 748.478859][ C1] skb_clone+0x486/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] process_backlog+0x936/0x1410 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d [ 748.478859][ C1] [ 748.478859][ C1] Uninit was created at: [ 748.478859][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 748.478859][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 748.478859][ C1] kmem_cache_alloc+0x711/0xd70 [ 748.478859][ C1] skb_clone+0x328/0x5d0 [ 748.478859][ C1] br_flood+0xa8e/0xf90 [ 748.478859][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 748.478859][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 748.478859][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 748.478859][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 748.478859][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 748.478859][ C1] br_handle_frame+0xcd2/0x2050 [ 748.478859][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 748.478859][ C1] process_backlog+0x936/0x1410 [ 748.478859][ C1] net_rx_action+0x786/0x1aa0 [ 748.478859][ C1] __do_softirq+0x311/0x83d 00:13:56 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7}}) close(r0) write$tun(0xffffffffffffffff, 0x0, 0x0) 00:13:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r6, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:13:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:13:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 755.257130][ C0] not chained 500000 origins [ 755.258858][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 755.258858][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 755.258858][ C0] Call Trace: [ 755.258858][ C0] dump_stack+0x1c9/0x220 [ 755.258858][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 755.258858][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 755.258858][ C0] ? __msan_chain_origin+0x50/0x90 [ 755.258858][ C0] ? __skb_clone+0x863/0x970 [ 755.258858][ C0] ? skb_clone+0x404/0x5d0 [ 755.258858][ C0] ? br_flood+0xd14/0xf90 [ 755.258858][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 755.258858][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 755.258858][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.258858][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.258858][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 755.258858][ C0] ? br_handle_frame+0xcd2/0x2050 [ 755.258858][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 755.258858][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 755.258858][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 755.258858][ C0] ? napi_gro_receive+0xae7/0xf90 [ 755.258858][ C0] ? gro_cell_poll+0x24c/0x400 [ 755.258858][ C0] ? net_rx_action+0x786/0x1aa0 [ 755.258858][ C0] ? __do_softirq+0x311/0x83d [ 755.258858][ C0] ? run_ksoftirqd+0x25/0x40 [ 755.258858][ C0] ? smpboot_thread_fn+0x493/0x980 [ 755.258858][ C0] ? kthread+0x4b5/0x4f0 [ 755.258858][ C0] ? ret_from_fork+0x35/0x40 [ 755.258858][ C0] ? skb_clone+0x486/0x5d0 [ 755.258858][ C0] ? br_flood+0xd14/0xf90 [ 755.258858][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 755.258858][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 755.258858][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.258858][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.258858][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 755.258858][ C0] ? br_handle_frame+0xcd2/0x2050 [ 755.258858][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 755.258858][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 755.258858][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 755.258858][ C0] ? napi_gro_receive+0xae7/0xf90 [ 755.258858][ C0] ? gro_cell_poll+0x24c/0x400 [ 755.258858][ C0] ? net_rx_action+0x786/0x1aa0 [ 755.258858][ C0] ? __do_softirq+0x311/0x83d [ 755.258858][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 755.258858][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.258858][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 755.258858][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.258858][ C0] __msan_chain_origin+0x50/0x90 [ 755.258858][ C0] __skb_clone+0x939/0x970 [ 755.258858][ C0] skb_clone+0x404/0x5d0 [ 755.258858][ C0] br_flood+0xd14/0xf90 [ 755.258858][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.258858][ C0] ? brport_get_ownership+0xf0/0xf0 [ 755.258858][ C0] ? brport_get_ownership+0xf0/0xf0 [ 755.258858][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] ? brport_get_ownership+0xf0/0xf0 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] ? brport_get_ownership+0xf0/0xf0 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.546221][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] ? brport_get_ownership+0xf0/0xf0 [ 755.546221][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] ? ipv6_gro_receive+0x25e2/0x2960 [ 755.546221][ C0] ? check_preempt_wakeup+0xeff/0x15d0 [ 755.546221][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.546221][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 755.546221][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 755.546221][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.546221][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 755.546221][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 755.546221][ C0] napi_gro_receive+0xae7/0xf90 [ 755.546221][ C0] gro_cell_poll+0x24c/0x400 [ 755.546221][ C0] ? gro_cells_init+0x510/0x510 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] ? net_tx_action+0xc30/0xc30 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 755.546221][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 755.546221][ C0] run_ksoftirqd+0x25/0x40 [ 755.546221][ C0] smpboot_thread_fn+0x493/0x980 [ 755.546221][ C0] kthread+0x4b5/0x4f0 [ 755.546221][ C0] ? cpu_report_death+0x180/0x180 [ 755.546221][ C0] ? kthread_blkcg+0xf0/0xf0 [ 755.546221][ C0] ret_from_fork+0x35/0x40 [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] __skb_clone+0x939/0x970 [ 755.546221][ C0] skb_clone+0x404/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 755.546221][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 755.546221][ C0] napi_gro_receive+0xae7/0xf90 [ 755.546221][ C0] gro_cell_poll+0x24c/0x400 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] __skb_clone+0x939/0x970 [ 755.546221][ C0] skb_clone+0x404/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 755.546221][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 755.546221][ C0] napi_gro_receive+0xae7/0xf90 [ 755.546221][ C0] gro_cell_poll+0x24c/0x400 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] __skb_clone+0x939/0x970 [ 755.546221][ C0] skb_clone+0x404/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 755.546221][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 755.546221][ C0] napi_gro_receive+0xae7/0xf90 [ 755.546221][ C0] gro_cell_poll+0x24c/0x400 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] __skb_clone+0x939/0x970 [ 755.546221][ C0] skb_clone+0x404/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 755.546221][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 755.546221][ C0] napi_gro_receive+0xae7/0xf90 [ 755.546221][ C0] gro_cell_poll+0x24c/0x400 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] pskb_expand_head+0x1750/0x1b00 [ 755.546221][ C0] geneve_build_skb+0x4c0/0xe00 [ 755.546221][ C0] geneve_xmit+0x25a3/0x2c20 [ 755.546221][ C0] dev_hard_start_xmit+0x531/0xab0 [ 755.546221][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 755.546221][ C0] dev_queue_xmit+0x4b/0x60 [ 755.546221][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 755.546221][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 755.546221][ C0] br_nf_post_routing+0x152e/0x17e0 [ 755.546221][ C0] nf_hook_slow+0x16e/0x400 [ 755.546221][ C0] br_forward_finish+0x24a/0x3f0 [ 755.546221][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 755.546221][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 755.546221][ C0] nf_hook_slow+0x16e/0x400 [ 755.546221][ C0] __br_forward+0x75c/0xe30 [ 755.546221][ C0] br_flood+0xb0b/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] process_backlog+0x936/0x1410 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] __skb_clone+0x863/0x970 [ 755.546221][ C0] skb_clone+0x404/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] process_backlog+0x936/0x1410 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was stored to memory at: [ 755.546221][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 755.546221][ C0] __msan_chain_origin+0x50/0x90 [ 755.546221][ C0] skb_clone+0x486/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] process_backlog+0x936/0x1410 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 755.546221][ C0] [ 755.546221][ C0] Uninit was created at: [ 755.546221][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 755.546221][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 755.546221][ C0] kmem_cache_alloc+0x711/0xd70 [ 755.546221][ C0] skb_clone+0x328/0x5d0 [ 755.546221][ C0] br_flood+0xa8e/0xf90 [ 755.546221][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 755.546221][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 755.546221][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 755.546221][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 755.546221][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 755.546221][ C0] br_handle_frame+0xcd2/0x2050 [ 755.546221][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 755.546221][ C0] process_backlog+0x936/0x1410 [ 755.546221][ C0] net_rx_action+0x786/0x1aa0 [ 755.546221][ C0] __do_softirq+0x311/0x83d [ 760.392067][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 760.410937][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 760.430028][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 760.452174][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 760.521605][ C0] bridge0: received packet on geneve0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 761.395962][ C0] not chained 510000 origins [ 761.398890][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 761.398890][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.398890][ C0] Call Trace: [ 761.398890][ C0] dump_stack+0x1c9/0x220 [ 761.398890][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 761.398890][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] ? __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] ? __skb_clone+0x863/0x970 [ 761.398890][ C0] ? skb_clone+0x404/0x5d0 [ 761.398890][ C0] ? br_flood+0xa8e/0xf90 [ 761.398890][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] ? br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] ? process_backlog+0x936/0x1410 [ 761.398890][ C0] ? net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] ? __do_softirq+0x311/0x83d [ 761.398890][ C0] ? run_ksoftirqd+0x25/0x40 [ 761.398890][ C0] ? smpboot_thread_fn+0x493/0x980 [ 761.398890][ C0] ? kthread+0x4b5/0x4f0 [ 761.398890][ C0] ? ret_from_fork+0x35/0x40 [ 761.398890][ C0] ? __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] ? skb_clone+0x486/0x5d0 [ 761.398890][ C0] ? br_flood+0xa8e/0xf90 [ 761.398890][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] ? br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] ? process_backlog+0x936/0x1410 [ 761.398890][ C0] ? net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] ? __do_softirq+0x311/0x83d [ 761.398890][ C0] ? run_ksoftirqd+0x25/0x40 [ 761.398890][ C0] ? smpboot_thread_fn+0x493/0x980 [ 761.398890][ C0] ? kthread+0x4b5/0x4f0 [ 761.398890][ C0] ? ret_from_fork+0x35/0x40 [ 761.398890][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 761.398890][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 761.398890][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 761.398890][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] ? brport_get_ownership+0xf0/0xf0 [ 761.398890][ C0] ? brport_get_ownership+0xf0/0xf0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] ? brport_get_ownership+0xf0/0xf0 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] ? brport_get_ownership+0xf0/0xf0 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 761.398890][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] ? brport_get_ownership+0xf0/0xf0 [ 761.398890][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 761.398890][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 761.398890][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] ? net_tx_action+0xc30/0xc30 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 761.398890][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 761.398890][ C0] run_ksoftirqd+0x25/0x40 [ 761.398890][ C0] smpboot_thread_fn+0x493/0x980 [ 761.398890][ C0] kthread+0x4b5/0x4f0 [ 761.398890][ C0] ? cpu_report_death+0x180/0x180 [ 761.398890][ C0] ? kthread_blkcg+0xf0/0xf0 [ 761.398890][ C0] ret_from_fork+0x35/0x40 [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x939/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] __skb_clone+0x863/0x970 [ 761.398890][ C0] skb_clone+0x404/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was stored to memory at: [ 761.398890][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 761.398890][ C0] __msan_chain_origin+0x50/0x90 [ 761.398890][ C0] skb_clone+0x486/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 761.398890][ C0] [ 761.398890][ C0] Uninit was created at: [ 761.398890][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 761.398890][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 761.398890][ C0] kmem_cache_alloc+0x711/0xd70 [ 761.398890][ C0] skb_clone+0x328/0x5d0 [ 761.398890][ C0] br_flood+0xa8e/0xf90 [ 761.398890][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 761.398890][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 761.398890][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 761.398890][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 761.398890][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 761.398890][ C0] br_handle_frame+0xcd2/0x2050 [ 761.398890][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 761.398890][ C0] process_backlog+0x936/0x1410 [ 761.398890][ C0] net_rx_action+0x786/0x1aa0 [ 761.398890][ C0] __do_softirq+0x311/0x83d [ 767.787126][ C0] not chained 520000 origins [ 767.788893][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 767.788893][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.788893][ C0] Call Trace: [ 767.788893][ C0] dump_stack+0x1c9/0x220 [ 767.788893][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 767.788893][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 767.788893][ C0] ? __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] ? __skb_clone+0x863/0x970 [ 767.788893][ C0] ? skb_clone+0x404/0x5d0 [ 767.788893][ C0] ? br_flood+0xa8e/0xf90 [ 767.788893][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] ? br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] ? process_backlog+0x936/0x1410 [ 767.788893][ C0] ? net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] ? __do_softirq+0x311/0x83d [ 767.788893][ C0] ? run_ksoftirqd+0x25/0x40 [ 767.788893][ C0] ? smpboot_thread_fn+0x493/0x980 [ 767.788893][ C0] ? kthread+0x4b5/0x4f0 [ 767.788893][ C0] ? ret_from_fork+0x35/0x40 [ 767.788893][ C0] ? __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] ? skb_clone+0x486/0x5d0 [ 767.788893][ C0] ? br_flood+0xa8e/0xf90 [ 767.788893][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] ? br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] ? process_backlog+0x936/0x1410 [ 767.788893][ C0] ? net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] ? __do_softirq+0x311/0x83d [ 767.788893][ C0] ? run_ksoftirqd+0x25/0x40 [ 767.788893][ C0] ? smpboot_thread_fn+0x493/0x980 [ 767.788893][ C0] ? kthread+0x4b5/0x4f0 [ 767.788893][ C0] ? ret_from_fork+0x35/0x40 [ 767.788893][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 767.788893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 767.788893][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 767.788893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 767.788893][ C0] __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] __skb_clone+0x939/0x970 [ 767.788893][ C0] skb_clone+0x404/0x5d0 [ 767.788893][ C0] br_flood+0xa8e/0xf90 [ 767.788893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 767.788893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 767.788893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 767.788893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 767.788893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 767.788893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 767.788893][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 767.788893][ C0] br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 767.788893][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 767.788893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 767.788893][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 767.788893][ C0] process_backlog+0x936/0x1410 [ 767.788893][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 767.788893][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 767.788893][ C0] net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] ? net_tx_action+0xc30/0xc30 [ 767.788893][ C0] __do_softirq+0x311/0x83d [ 767.788893][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 767.788893][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 767.788893][ C0] run_ksoftirqd+0x25/0x40 [ 767.788893][ C0] smpboot_thread_fn+0x493/0x980 [ 767.788893][ C0] kthread+0x4b5/0x4f0 [ 767.788893][ C0] ? cpu_report_death+0x180/0x180 [ 767.788893][ C0] ? kthread_blkcg+0xf0/0xf0 [ 767.788893][ C0] ret_from_fork+0x35/0x40 [ 767.788893][ C0] Uninit was stored to memory at: [ 767.788893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 767.788893][ C0] __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] __skb_clone+0x939/0x970 [ 767.788893][ C0] skb_clone+0x404/0x5d0 [ 767.788893][ C0] br_flood+0xa8e/0xf90 [ 767.788893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] process_backlog+0x936/0x1410 [ 767.788893][ C0] net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] __do_softirq+0x311/0x83d [ 767.788893][ C0] [ 767.788893][ C0] Uninit was stored to memory at: [ 767.788893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 767.788893][ C0] __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] __skb_clone+0x939/0x970 [ 767.788893][ C0] skb_clone+0x404/0x5d0 [ 767.788893][ C0] br_flood+0xa8e/0xf90 [ 767.788893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] process_backlog+0x936/0x1410 [ 767.788893][ C0] net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] __do_softirq+0x311/0x83d [ 767.788893][ C0] [ 767.788893][ C0] Uninit was stored to memory at: [ 767.788893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 767.788893][ C0] __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] __skb_clone+0x939/0x970 [ 767.788893][ C0] skb_clone+0x404/0x5d0 [ 767.788893][ C0] br_flood+0xa8e/0xf90 [ 767.788893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 767.788893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 767.788893][ C0] br_handle_frame+0xcd2/0x2050 [ 767.788893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 767.788893][ C0] process_backlog+0x936/0x1410 [ 767.788893][ C0] net_rx_action+0x786/0x1aa0 [ 767.788893][ C0] __do_softirq+0x311/0x83d [ 767.788893][ C0] [ 767.788893][ C0] Uninit was stored to memory at: [ 767.788893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 767.788893][ C0] __msan_chain_origin+0x50/0x90 [ 767.788893][ C0] __skb_clone+0x939/0x970 [ 767.788893][ C0] skb_clone+0x404/0x5d0 [ 767.788893][ C0] br_flood+0xa8e/0xf90 [ 767.788893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 767.788893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 767.788893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 767.788893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 768.530321][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 768.530321][ C0] br_handle_frame+0xcd2/0x2050 [ 768.530321][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 768.530321][ C0] process_backlog+0x936/0x1410 [ 768.530321][ C0] net_rx_action+0x786/0x1aa0 [ 768.530321][ C0] __do_softirq+0x311/0x83d [ 768.530321][ C0] [ 768.530321][ C0] Uninit was stored to memory at: [ 768.530321][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 768.530321][ C0] __msan_chain_origin+0x50/0x90 [ 768.530321][ C0] __skb_clone+0x939/0x970 [ 768.530321][ C0] skb_clone+0x404/0x5d0 [ 768.530321][ C0] br_flood+0xa8e/0xf90 [ 768.530321][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 768.530321][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 768.530321][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 768.530321][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 768.530321][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 768.530321][ C0] br_handle_frame+0xcd2/0x2050 [ 768.530321][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 768.530321][ C0] process_backlog+0x936/0x1410 [ 768.530321][ C0] net_rx_action+0x786/0x1aa0 [ 768.530321][ C0] __do_softirq+0x311/0x83d [ 768.530321][ C0] [ 768.530321][ C0] Uninit was stored to memory at: [ 768.530321][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 768.530321][ C0] __msan_chain_origin+0x50/0x90 [ 768.530321][ C0] __skb_clone+0x863/0x970 [ 768.530321][ C0] skb_clone+0x404/0x5d0 [ 768.530321][ C0] br_flood+0xd14/0xf90 [ 768.530321][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 768.530321][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 768.530321][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 768.700172][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 768.700172][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 768.700172][ C0] br_handle_frame+0xcd2/0x2050 [ 768.700172][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 768.700172][ C0] process_backlog+0x936/0x1410 [ 768.700172][ C0] net_rx_action+0x786/0x1aa0 [ 768.700172][ C0] __do_softirq+0x311/0x83d [ 768.700172][ C0] [ 768.700172][ C0] Uninit was stored to memory at: [ 768.700172][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 768.700172][ C0] __msan_chain_origin+0x50/0x90 [ 768.700172][ C0] skb_clone+0x486/0x5d0 [ 768.700172][ C0] br_flood+0xd14/0xf90 [ 768.700172][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 768.700172][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 768.700172][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 768.700172][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 768.700172][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 768.700172][ C0] br_handle_frame+0xcd2/0x2050 [ 768.700172][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 768.700172][ C0] process_backlog+0x936/0x1410 [ 768.700172][ C0] net_rx_action+0x786/0x1aa0 [ 768.700172][ C0] __do_softirq+0x311/0x83d [ 768.700172][ C0] [ 768.700172][ C0] Uninit was created at: [ 768.700172][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 768.700172][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 768.700172][ C0] kmem_cache_alloc+0x711/0xd70 [ 768.700172][ C0] skb_clone+0x328/0x5d0 [ 768.700172][ C0] br_flood+0xd14/0xf90 [ 768.700172][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 768.700172][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 768.700172][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 768.700172][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 768.700172][ C0] br_nf_pre_routing+0xd0e/0x1fd0 00:14:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:14:15 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:14:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, 0x0, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:14:15 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:14:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 768.700172][ C0] br_handle_frame+0xcd2/0x2050 [ 768.700172][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 768.700172][ C0] process_backlog+0x936/0x1410 [ 768.700172][ C0] net_rx_action+0x786/0x1aa0 [ 768.700172][ C0] __do_softirq+0x311/0x83d 00:14:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, 0x0, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 769.103748][T13943] binder: 13932:13943 ioctl c0306201 20000280 returned -14 [ 769.137996][T13943] binder: 13932:13943 ioctl c0306201 20000540 returned -14 00:14:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:14:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, 0x0, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 770.095355][ C0] bridge0: received packet on geneve0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.076050][T13971] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 771.108006][T13971] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 775.071064][ C0] not chained 530000 origins [ 775.075810][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 775.078908][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.078908][ C0] Call Trace: [ 775.078908][ C0] dump_stack+0x1c9/0x220 [ 775.078908][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 775.078908][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 775.078908][ C0] ? __msan_chain_origin+0x50/0x90 [ 775.078908][ C0] ? __skb_clone+0x863/0x970 [ 775.078908][ C0] ? skb_clone+0x404/0x5d0 [ 775.078908][ C0] ? br_flood+0xa8e/0xf90 [ 775.078908][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 775.078908][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 775.078908][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.078908][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.078908][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 775.078908][ C0] ? br_handle_frame+0xcd2/0x2050 [ 775.078908][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 775.078908][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 775.078908][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 775.078908][ C0] ? napi_complete_done+0x2ef/0xb60 [ 775.078908][ C0] ? gro_cell_poll+0x3a9/0x400 [ 775.078908][ C0] ? net_rx_action+0x786/0x1aa0 [ 775.078908][ C0] ? __do_softirq+0x311/0x83d [ 775.078908][ C0] ? run_ksoftirqd+0x25/0x40 [ 775.078908][ C0] ? smpboot_thread_fn+0x493/0x980 [ 775.078908][ C0] ? kthread+0x4b5/0x4f0 [ 775.078908][ C0] ? ret_from_fork+0x35/0x40 [ 775.078908][ C0] ? skb_clone+0x486/0x5d0 [ 775.078908][ C0] ? br_flood+0xa8e/0xf90 [ 775.078908][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 775.078908][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 775.078908][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.078908][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.078908][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 775.078908][ C0] ? br_handle_frame+0xcd2/0x2050 [ 775.078908][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 775.078908][ C0] ? __netif_receive_skb_list_core+0x315/0x1380 [ 775.078908][ C0] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 775.078908][ C0] ? napi_complete_done+0x2ef/0xb60 [ 775.078908][ C0] ? gro_cell_poll+0x3a9/0x400 [ 775.078908][ C0] ? net_rx_action+0x786/0x1aa0 [ 775.078908][ C0] ? __do_softirq+0x311/0x83d [ 775.078908][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 775.078908][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 775.078908][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 775.078908][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 775.078908][ C0] __msan_chain_origin+0x50/0x90 [ 775.078908][ C0] __skb_clone+0x939/0x970 [ 775.078908][ C0] skb_clone+0x404/0x5d0 [ 775.078908][ C0] br_flood+0xa8e/0xf90 [ 775.078908][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.078908][ C0] ? brport_get_ownership+0xf0/0xf0 [ 775.078908][ C0] ? brport_get_ownership+0xf0/0xf0 [ 775.078908][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.078908][ C0] ? brport_get_ownership+0xf0/0xf0 [ 775.078908][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.078908][ C0] ? brport_get_ownership+0xf0/0xf0 [ 775.078908][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.078908][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 775.078908][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.078908][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 775.078908][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 775.078908][ C0] br_handle_frame+0xcd2/0x2050 [ 775.078908][ C0] ? brport_get_ownership+0xf0/0xf0 [ 775.078908][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 775.078908][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.078908][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 775.078908][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 775.078908][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 775.078908][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 775.078908][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 775.078908][ C0] napi_complete_done+0x2ef/0xb60 [ 775.078908][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 775.078908][ C0] gro_cell_poll+0x3a9/0x400 [ 775.078908][ C0] ? gro_cells_init+0x510/0x510 [ 775.078908][ C0] net_rx_action+0x786/0x1aa0 [ 775.078908][ C0] ? net_tx_action+0xc30/0xc30 [ 775.078908][ C0] __do_softirq+0x311/0x83d [ 775.078908][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 775.078908][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 775.078908][ C0] run_ksoftirqd+0x25/0x40 [ 775.078908][ C0] smpboot_thread_fn+0x493/0x980 [ 775.078908][ C0] kthread+0x4b5/0x4f0 [ 775.078908][ C0] ? cpu_report_death+0x180/0x180 [ 775.078908][ C0] ? kthread_blkcg+0xf0/0xf0 [ 775.078908][ C0] ret_from_fork+0x35/0x40 [ 775.078908][ C0] Uninit was stored to memory at: [ 775.078908][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.078908][ C0] __msan_chain_origin+0x50/0x90 [ 775.078908][ C0] __skb_clone+0x939/0x970 [ 775.078908][ C0] skb_clone+0x404/0x5d0 [ 775.078908][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 775.568351][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 775.568351][ C0] napi_complete_done+0x2ef/0xb60 [ 775.568351][ C0] gro_cell_poll+0x3a9/0x400 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] __skb_clone+0x939/0x970 [ 775.568351][ C0] skb_clone+0x404/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 775.568351][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 775.568351][ C0] napi_complete_done+0x2ef/0xb60 [ 775.568351][ C0] gro_cell_poll+0x3a9/0x400 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] __skb_clone+0x939/0x970 [ 775.568351][ C0] skb_clone+0x404/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 775.568351][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 775.568351][ C0] napi_complete_done+0x2ef/0xb60 [ 775.568351][ C0] gro_cell_poll+0x3a9/0x400 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] __skb_clone+0x939/0x970 [ 775.568351][ C0] skb_clone+0x404/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 775.568351][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 775.568351][ C0] napi_complete_done+0x2ef/0xb60 [ 775.568351][ C0] gro_cell_poll+0x3a9/0x400 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] pskb_expand_head+0x1750/0x1b00 [ 775.568351][ C0] geneve_build_skb+0x4c0/0xe00 [ 775.568351][ C0] geneve_xmit+0x25a3/0x2c20 [ 775.568351][ C0] dev_hard_start_xmit+0x531/0xab0 [ 775.568351][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 775.568351][ C0] dev_queue_xmit+0x4b/0x60 [ 775.568351][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 775.568351][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 775.568351][ C0] br_nf_post_routing+0x152e/0x17e0 [ 775.568351][ C0] nf_hook_slow+0x16e/0x400 [ 775.568351][ C0] br_forward_finish+0x24a/0x3f0 [ 775.568351][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 775.568351][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 775.568351][ C0] nf_hook_slow+0x16e/0x400 [ 775.568351][ C0] __br_forward+0x75c/0xe30 [ 775.568351][ C0] br_flood+0xb0b/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] process_backlog+0x936/0x1410 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] __skb_clone+0x863/0x970 [ 775.568351][ C0] skb_clone+0x404/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] process_backlog+0x936/0x1410 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was stored to memory at: [ 775.568351][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 775.568351][ C0] __msan_chain_origin+0x50/0x90 [ 775.568351][ C0] skb_clone+0x486/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] process_backlog+0x936/0x1410 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d [ 775.568351][ C0] [ 775.568351][ C0] Uninit was created at: [ 775.568351][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 775.568351][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 775.568351][ C0] kmem_cache_alloc+0x711/0xd70 [ 775.568351][ C0] skb_clone+0x328/0x5d0 [ 775.568351][ C0] br_flood+0xa8e/0xf90 [ 775.568351][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 775.568351][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 775.568351][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 775.568351][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 775.568351][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 775.568351][ C0] br_handle_frame+0xcd2/0x2050 [ 775.568351][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 775.568351][ C0] process_backlog+0x936/0x1410 [ 775.568351][ C0] net_rx_action+0x786/0x1aa0 [ 775.568351][ C0] __do_softirq+0x311/0x83d 00:14:26 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7}}) close(r0) write$tun(0xffffffffffffffff, 0x0, 0x0) 00:14:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:14:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:14:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 781.417012][ C0] not chained 540000 origins [ 781.418867][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 781.418867][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.418867][ C0] Call Trace: [ 781.418867][ C0] dump_stack+0x1c9/0x220 [ 781.418867][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 781.418867][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 781.418867][ C0] ? __msan_chain_origin+0x50/0x90 [ 781.418867][ C0] ? __skb_clone+0x863/0x970 [ 781.418867][ C0] ? skb_clone+0x404/0x5d0 [ 781.418867][ C0] ? br_flood+0xd14/0xf90 [ 781.418867][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 781.418867][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 781.418867][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.418867][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.418867][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 781.418867][ C0] ? br_handle_frame+0xcd2/0x2050 [ 781.418867][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 781.418867][ C0] ? process_backlog+0x936/0x1410 [ 781.418867][ C0] ? net_rx_action+0x786/0x1aa0 [ 781.418867][ C0] ? __do_softirq+0x311/0x83d [ 781.418867][ C0] ? run_ksoftirqd+0x25/0x40 [ 781.418867][ C0] ? smpboot_thread_fn+0x493/0x980 [ 781.418867][ C0] ? kthread+0x4b5/0x4f0 [ 781.418867][ C0] ? ret_from_fork+0x35/0x40 [ 781.418867][ C0] ? __msan_chain_origin+0x50/0x90 [ 781.418867][ C0] ? skb_clone+0x486/0x5d0 [ 781.567632][ C0] ? br_flood+0xd14/0xf90 [ 781.567632][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] ? br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] ? process_backlog+0x936/0x1410 [ 781.567632][ C0] ? net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] ? __do_softirq+0x311/0x83d [ 781.567632][ C0] ? run_ksoftirqd+0x25/0x40 [ 781.567632][ C0] ? smpboot_thread_fn+0x493/0x980 [ 781.567632][ C0] ? kthread+0x4b5/0x4f0 [ 781.567632][ C0] ? ret_from_fork+0x35/0x40 [ 781.567632][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 781.567632][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 781.567632][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 781.567632][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xd14/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] ? brport_get_ownership+0xf0/0xf0 [ 781.567632][ C0] ? brport_get_ownership+0xf0/0xf0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] ? brport_get_ownership+0xf0/0xf0 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] ? brport_get_ownership+0xf0/0xf0 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 781.567632][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] ? brport_get_ownership+0xf0/0xf0 [ 781.567632][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 781.567632][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 781.567632][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 781.567632][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 781.567632][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] ? net_tx_action+0xc30/0xc30 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 781.567632][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 781.567632][ C0] run_ksoftirqd+0x25/0x40 [ 781.567632][ C0] smpboot_thread_fn+0x493/0x980 [ 781.567632][ C0] kthread+0x4b5/0x4f0 [ 781.567632][ C0] ? cpu_report_death+0x180/0x180 [ 781.567632][ C0] ? kthread_blkcg+0xf0/0xf0 [ 781.567632][ C0] ret_from_fork+0x35/0x40 [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x939/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] __skb_clone+0x863/0x970 [ 781.567632][ C0] skb_clone+0x404/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was stored to memory at: [ 781.567632][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 781.567632][ C0] __msan_chain_origin+0x50/0x90 [ 781.567632][ C0] skb_clone+0x486/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 781.567632][ C0] [ 781.567632][ C0] Uninit was created at: [ 781.567632][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 781.567632][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 781.567632][ C0] kmem_cache_alloc+0x711/0xd70 [ 781.567632][ C0] skb_clone+0x328/0x5d0 [ 781.567632][ C0] br_flood+0xa8e/0xf90 [ 781.567632][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 781.567632][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 781.567632][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 781.567632][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 781.567632][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 781.567632][ C0] br_handle_frame+0xcd2/0x2050 [ 781.567632][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 781.567632][ C0] process_backlog+0x936/0x1410 [ 781.567632][ C0] net_rx_action+0x786/0x1aa0 [ 781.567632][ C0] __do_softirq+0x311/0x83d [ 786.922632][ C0] not chained 550000 origins [ 786.927308][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 786.928882][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.928882][ C0] Call Trace: [ 786.928882][ C0] dump_stack+0x1c9/0x220 [ 786.928882][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 786.928882][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 786.928882][ C0] ? __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] ? __skb_clone+0x863/0x970 [ 786.928882][ C0] ? skb_clone+0x404/0x5d0 [ 786.928882][ C0] ? br_flood+0xd14/0xf90 [ 786.928882][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] ? br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] ? process_backlog+0x936/0x1410 [ 786.928882][ C0] ? net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] ? __do_softirq+0x311/0x83d [ 786.928882][ C0] ? run_ksoftirqd+0x25/0x40 [ 786.928882][ C0] ? smpboot_thread_fn+0x493/0x980 [ 786.928882][ C0] ? kthread+0x4b5/0x4f0 [ 786.928882][ C0] ? ret_from_fork+0x35/0x40 [ 786.928882][ C0] ? __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] ? skb_clone+0x486/0x5d0 [ 786.928882][ C0] ? br_flood+0xd14/0xf90 [ 786.928882][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] ? br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] ? process_backlog+0x936/0x1410 [ 786.928882][ C0] ? net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] ? __do_softirq+0x311/0x83d [ 786.928882][ C0] ? run_ksoftirqd+0x25/0x40 [ 786.928882][ C0] ? smpboot_thread_fn+0x493/0x980 [ 786.928882][ C0] ? kthread+0x4b5/0x4f0 [ 786.928882][ C0] ? ret_from_fork+0x35/0x40 [ 786.928882][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 786.928882][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 786.928882][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 786.928882][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 786.928882][ C0] __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] __skb_clone+0x939/0x970 [ 786.928882][ C0] skb_clone+0x404/0x5d0 [ 786.928882][ C0] br_flood+0xd14/0xf90 [ 786.928882][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] ? brport_get_ownership+0xf0/0xf0 [ 786.928882][ C0] ? brport_get_ownership+0xf0/0xf0 [ 786.928882][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] ? brport_get_ownership+0xf0/0xf0 [ 786.928882][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] ? brport_get_ownership+0xf0/0xf0 [ 786.928882][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 786.928882][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 786.928882][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 786.928882][ C0] br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] ? brport_get_ownership+0xf0/0xf0 [ 786.928882][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 786.928882][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 786.928882][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 786.928882][ C0] process_backlog+0x936/0x1410 [ 786.928882][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 786.928882][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 786.928882][ C0] net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] ? net_tx_action+0xc30/0xc30 [ 786.928882][ C0] __do_softirq+0x311/0x83d [ 786.928882][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 786.928882][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 786.928882][ C0] run_ksoftirqd+0x25/0x40 [ 786.928882][ C0] smpboot_thread_fn+0x493/0x980 [ 786.928882][ C0] kthread+0x4b5/0x4f0 [ 786.928882][ C0] ? cpu_report_death+0x180/0x180 [ 786.928882][ C0] ? kthread_blkcg+0xf0/0xf0 [ 786.928882][ C0] ret_from_fork+0x35/0x40 [ 786.928882][ C0] Uninit was stored to memory at: [ 786.928882][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 786.928882][ C0] __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] __skb_clone+0x939/0x970 [ 786.928882][ C0] skb_clone+0x404/0x5d0 [ 786.928882][ C0] br_flood+0xa8e/0xf90 [ 786.928882][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] process_backlog+0x936/0x1410 [ 786.928882][ C0] net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] __do_softirq+0x311/0x83d [ 786.928882][ C0] [ 786.928882][ C0] Uninit was stored to memory at: [ 786.928882][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 786.928882][ C0] __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] __skb_clone+0x939/0x970 [ 786.928882][ C0] skb_clone+0x404/0x5d0 [ 786.928882][ C0] br_flood+0xa8e/0xf90 [ 786.928882][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] process_backlog+0x936/0x1410 [ 786.928882][ C0] net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] __do_softirq+0x311/0x83d [ 786.928882][ C0] [ 786.928882][ C0] Uninit was stored to memory at: [ 786.928882][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 786.928882][ C0] __msan_chain_origin+0x50/0x90 [ 786.928882][ C0] __skb_clone+0x939/0x970 [ 786.928882][ C0] skb_clone+0x404/0x5d0 [ 786.928882][ C0] br_flood+0xa8e/0xf90 [ 786.928882][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 786.928882][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 786.928882][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 786.928882][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 786.928882][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 786.928882][ C0] br_handle_frame+0xcd2/0x2050 [ 786.928882][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 786.928882][ C0] process_backlog+0x936/0x1410 [ 786.928882][ C0] net_rx_action+0x786/0x1aa0 [ 786.928882][ C0] __do_softirq+0x311/0x83d [ 786.928882][ C0] [ 786.928882][ C0] Uninit was stored to memory at: [ 786.928882][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 786.928882][ C0] __msan_chain_origin+0x50/0x90 [ 787.611931][ C0] __skb_clone+0x939/0x970 [ 787.611931][ C0] skb_clone+0x404/0x5d0 [ 787.611931][ C0] br_flood+0xa8e/0xf90 [ 787.611931][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 787.611931][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 787.611931][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 787.611931][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 787.611931][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 787.611931][ C0] br_handle_frame+0xcd2/0x2050 [ 787.611931][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 787.611931][ C0] process_backlog+0x936/0x1410 [ 787.611931][ C0] net_rx_action+0x786/0x1aa0 [ 787.611931][ C0] __do_softirq+0x311/0x83d [ 787.611931][ C0] [ 787.611931][ C0] Uninit was stored to memory at: [ 787.611931][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 787.611931][ C0] __msan_chain_origin+0x50/0x90 [ 787.611931][ C0] __skb_clone+0x939/0x970 [ 787.611931][ C0] skb_clone+0x404/0x5d0 [ 787.611931][ C0] br_flood+0xa8e/0xf90 [ 787.611931][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 787.611931][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 787.611931][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 787.611931][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 787.611931][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 787.611931][ C0] br_handle_frame+0xcd2/0x2050 [ 787.611931][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 787.611931][ C0] process_backlog+0x936/0x1410 [ 787.611931][ C0] net_rx_action+0x786/0x1aa0 [ 787.611931][ C0] __do_softirq+0x311/0x83d [ 787.611931][ C0] [ 787.611931][ C0] Uninit was stored to memory at: [ 787.611931][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 787.611931][ C0] __msan_chain_origin+0x50/0x90 [ 787.611931][ C0] __skb_clone+0x863/0x970 [ 787.611931][ C0] skb_clone+0x404/0x5d0 [ 787.611931][ C0] br_flood+0xa8e/0xf90 [ 787.611931][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 787.611931][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 787.611931][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 787.611931][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 787.611931][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 787.611931][ C0] br_handle_frame+0xcd2/0x2050 [ 787.611931][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 787.611931][ C0] process_backlog+0x936/0x1410 [ 787.611931][ C0] net_rx_action+0x786/0x1aa0 [ 787.611931][ C0] __do_softirq+0x311/0x83d [ 787.611931][ C0] [ 787.611931][ C0] Uninit was stored to memory at: [ 787.611931][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 787.611931][ C0] __msan_chain_origin+0x50/0x90 [ 787.611931][ C0] skb_clone+0x486/0x5d0 [ 787.611931][ C0] br_flood+0xa8e/0xf90 [ 787.611931][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 787.611931][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 787.611931][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 787.611931][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 787.611931][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 787.611931][ C0] br_handle_frame+0xcd2/0x2050 [ 787.611931][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 787.611931][ C0] process_backlog+0x936/0x1410 [ 787.611931][ C0] net_rx_action+0x786/0x1aa0 [ 787.611931][ C0] __do_softirq+0x311/0x83d [ 787.611931][ C0] [ 787.611931][ C0] Uninit was created at: [ 787.611931][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 787.611931][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 787.611931][ C0] kmem_cache_alloc+0x711/0xd70 [ 787.611931][ C0] skb_clone+0x328/0x5d0 [ 787.611931][ C0] br_flood+0xa8e/0xf90 [ 787.611931][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 787.611931][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 787.611931][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 787.611931][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 787.611931][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 787.611931][ C0] br_handle_frame+0xcd2/0x2050 [ 787.611931][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 787.611931][ C0] process_backlog+0x936/0x1410 [ 787.611931][ C0] net_rx_action+0x786/0x1aa0 [ 787.611931][ C0] __do_softirq+0x311/0x83d [ 792.315028][ C1] not chained 560000 origins [ 792.318912][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 792.318912][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.318912][ C1] Call Trace: [ 792.318912][ C1] dump_stack+0x1c9/0x220 [ 792.318912][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 792.318912][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 792.318912][ C1] ? __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] ? __skb_clone+0x863/0x970 [ 792.318912][ C1] ? skb_clone+0x404/0x5d0 [ 792.318912][ C1] ? br_flood+0xa8e/0xf90 [ 792.318912][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] ? br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] ? napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] ? gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] ? net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] ? __do_softirq+0x311/0x83d [ 792.318912][ C1] ? run_ksoftirqd+0x25/0x40 [ 792.318912][ C1] ? smpboot_thread_fn+0x493/0x980 [ 792.318912][ C1] ? kthread+0x4b5/0x4f0 [ 792.318912][ C1] ? ret_from_fork+0x35/0x40 [ 792.318912][ C1] ? skb_clone+0x486/0x5d0 [ 792.318912][ C1] ? br_flood+0xa8e/0xf90 [ 792.318912][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] ? br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] ? __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] ? netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] ? napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] ? gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] ? net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] ? __do_softirq+0x311/0x83d [ 792.318912][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 792.318912][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 792.318912][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 792.318912][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 792.318912][ C1] __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] __skb_clone+0x939/0x970 [ 792.318912][ C1] skb_clone+0x404/0x5d0 [ 792.318912][ C1] br_flood+0xa8e/0xf90 [ 792.318912][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] ? brport_get_ownership+0xf0/0xf0 [ 792.318912][ C1] ? brport_get_ownership+0xf0/0xf0 [ 792.318912][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] ? brport_get_ownership+0xf0/0xf0 [ 792.318912][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] ? brport_get_ownership+0xf0/0xf0 [ 792.318912][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 792.318912][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 792.318912][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 792.318912][ C1] br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] ? brport_get_ownership+0xf0/0xf0 [ 792.318912][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 792.318912][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 792.318912][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 792.318912][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 792.318912][ C1] napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 792.318912][ C1] gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] ? gro_cells_init+0x510/0x510 [ 792.318912][ C1] net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] ? net_tx_action+0xc30/0xc30 [ 792.318912][ C1] __do_softirq+0x311/0x83d [ 792.318912][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 792.318912][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 792.318912][ C1] run_ksoftirqd+0x25/0x40 [ 792.318912][ C1] smpboot_thread_fn+0x493/0x980 [ 792.318912][ C1] kthread+0x4b5/0x4f0 [ 792.318912][ C1] ? cpu_report_death+0x180/0x180 [ 792.318912][ C1] ? kthread_blkcg+0xf0/0xf0 [ 792.318912][ C1] ret_from_fork+0x35/0x40 [ 792.318912][ C1] Uninit was stored to memory at: [ 792.318912][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 792.318912][ C1] __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] __skb_clone+0x939/0x970 [ 792.318912][ C1] skb_clone+0x404/0x5d0 [ 792.318912][ C1] br_flood+0xa8e/0xf90 [ 792.318912][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] __do_softirq+0x311/0x83d [ 792.318912][ C1] [ 792.318912][ C1] Uninit was stored to memory at: [ 792.318912][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 792.318912][ C1] __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] __skb_clone+0x939/0x970 [ 792.318912][ C1] skb_clone+0x404/0x5d0 [ 792.318912][ C1] br_flood+0xa8e/0xf90 [ 792.318912][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] __do_softirq+0x311/0x83d [ 792.318912][ C1] [ 792.318912][ C1] Uninit was stored to memory at: [ 792.318912][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 792.318912][ C1] __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] __skb_clone+0x939/0x970 [ 792.318912][ C1] skb_clone+0x404/0x5d0 [ 792.318912][ C1] br_flood+0xa8e/0xf90 [ 792.318912][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] __do_softirq+0x311/0x83d [ 792.318912][ C1] [ 792.318912][ C1] Uninit was stored to memory at: [ 792.318912][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 792.318912][ C1] __msan_chain_origin+0x50/0x90 [ 792.318912][ C1] __skb_clone+0x939/0x970 [ 792.318912][ C1] skb_clone+0x404/0x5d0 [ 792.318912][ C1] br_flood+0xa8e/0xf90 [ 792.318912][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 792.318912][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 792.318912][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 792.318912][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 792.318912][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 792.318912][ C1] br_handle_frame+0xcd2/0x2050 [ 792.318912][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 792.318912][ C1] __netif_receive_skb_list_core+0x315/0x1380 [ 792.318912][ C1] netif_receive_skb_list_internal+0xf62/0x1620 [ 792.318912][ C1] napi_complete_done+0x2ef/0xb60 [ 792.318912][ C1] gro_cell_poll+0x3a9/0x400 [ 792.318912][ C1] net_rx_action+0x786/0x1aa0 [ 792.318912][ C1] __do_softirq+0x311/0x83d [ 792.318912][ C1] [ 792.318912][ C1] Uninit was stored to memory at: [ 792.318912][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 793.188219][ C1] __msan_chain_origin+0x50/0x90 [ 793.188219][ C1] pskb_expand_head+0x1750/0x1b00 [ 793.188219][ C1] geneve_build_skb+0x4c0/0xe00 [ 793.188219][ C1] geneve_xmit+0x25a3/0x2c20 [ 793.188219][ C1] dev_hard_start_xmit+0x531/0xab0 [ 793.188219][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 793.188219][ C1] dev_queue_xmit+0x4b/0x60 [ 793.188219][ C1] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 793.188219][ C1] br_nf_dev_queue_xmit+0x693/0x1910 [ 793.188219][ C1] br_nf_post_routing+0x152e/0x17e0 [ 793.188219][ C1] nf_hook_slow+0x16e/0x400 [ 793.188219][ C1] br_forward_finish+0x24a/0x3f0 [ 793.188219][ C1] br_nf_forward_finish+0xf47/0x11a0 [ 793.188219][ C1] br_nf_forward_ip+0x1d4e/0x1f30 [ 793.188219][ C1] nf_hook_slow+0x16e/0x400 [ 793.188219][ C1] __br_forward+0x75c/0xe30 [ 793.188219][ C1] br_flood+0xb0b/0xf90 [ 793.188219][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 793.188219][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 793.188219][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 793.188219][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 793.188219][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 793.188219][ C1] br_handle_frame+0xcd2/0x2050 [ 793.188219][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 793.188219][ C1] process_backlog+0x936/0x1410 [ 793.188219][ C1] net_rx_action+0x786/0x1aa0 [ 793.188219][ C1] __do_softirq+0x311/0x83d [ 793.188219][ C1] [ 793.188219][ C1] Uninit was stored to memory at: [ 793.188219][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 793.188219][ C1] __msan_chain_origin+0x50/0x90 [ 793.188219][ C1] __skb_clone+0x863/0x970 [ 793.188219][ C1] skb_clone+0x404/0x5d0 [ 793.188219][ C1] br_flood+0xa8e/0xf90 [ 793.188219][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 793.188219][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 793.188219][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 793.188219][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 793.188219][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 793.188219][ C1] br_handle_frame+0xcd2/0x2050 [ 793.188219][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 793.188219][ C1] process_backlog+0x936/0x1410 [ 793.188219][ C1] net_rx_action+0x786/0x1aa0 [ 793.188219][ C1] __do_softirq+0x311/0x83d [ 793.188219][ C1] [ 793.188219][ C1] Uninit was stored to memory at: [ 793.188219][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 793.188219][ C1] __msan_chain_origin+0x50/0x90 [ 793.188219][ C1] skb_clone+0x486/0x5d0 [ 793.188219][ C1] br_flood+0xa8e/0xf90 [ 793.188219][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 793.188219][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 793.188219][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 793.188219][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 793.188219][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 793.188219][ C1] br_handle_frame+0xcd2/0x2050 [ 793.188219][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 793.188219][ C1] process_backlog+0x936/0x1410 [ 793.188219][ C1] net_rx_action+0x786/0x1aa0 [ 793.188219][ C1] __do_softirq+0x311/0x83d [ 793.188219][ C1] [ 793.188219][ C1] Uninit was created at: [ 793.188219][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 793.188219][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 793.188219][ C1] kmem_cache_alloc+0x711/0xd70 [ 793.188219][ C1] skb_clone+0x328/0x5d0 [ 793.188219][ C1] br_flood+0xa8e/0xf90 [ 793.188219][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 793.188219][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 793.188219][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 793.188219][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 793.188219][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 793.188219][ C1] br_handle_frame+0xcd2/0x2050 [ 793.188219][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 793.188219][ C1] process_backlog+0x936/0x1410 [ 793.188219][ C1] net_rx_action+0x786/0x1aa0 [ 793.561172][ C1] __do_softirq+0x311/0x83d [ 794.870281][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) 00:14:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:14:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:14:42 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) 00:14:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:14:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 796.889485][T14022] binder: 14011:14022 unknown command 0 [ 796.895271][T14022] binder: 14011:14022 ioctl c0306201 20000280 returned -22 [ 796.929003][T14022] binder: 14011:14022 ioctl c0306201 20000540 returned -14 [ 796.944857][T14023] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 796.994460][T14031] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:14:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:14:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:14:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 798.833130][ C0] not chained 570000 origins [ 798.837794][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 798.840092][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.840092][ C0] Call Trace: [ 798.840092][ C0] dump_stack+0x1c9/0x220 [ 798.840092][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 798.840092][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] ? __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] ? __skb_clone+0x863/0x970 [ 798.840092][ C0] ? skb_clone+0x404/0x5d0 [ 798.840092][ C0] ? br_flood+0xd14/0xf90 [ 798.840092][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] ? br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] ? process_backlog+0x936/0x1410 [ 798.840092][ C0] ? net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] ? __do_softirq+0x311/0x83d [ 798.840092][ C0] ? run_ksoftirqd+0x25/0x40 [ 798.840092][ C0] ? smpboot_thread_fn+0x493/0x980 [ 798.840092][ C0] ? kthread+0x4b5/0x4f0 [ 798.840092][ C0] ? ret_from_fork+0x35/0x40 [ 798.840092][ C0] ? __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] ? skb_clone+0x486/0x5d0 [ 798.840092][ C0] ? br_flood+0xd14/0xf90 [ 798.840092][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] ? br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] ? process_backlog+0x936/0x1410 [ 798.840092][ C0] ? net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] ? __do_softirq+0x311/0x83d [ 798.840092][ C0] ? run_ksoftirqd+0x25/0x40 [ 798.840092][ C0] ? smpboot_thread_fn+0x493/0x980 [ 798.840092][ C0] ? kthread+0x4b5/0x4f0 [ 798.840092][ C0] ? ret_from_fork+0x35/0x40 [ 798.840092][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 798.840092][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 798.840092][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 798.840092][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xd14/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] ? brport_get_ownership+0xf0/0xf0 [ 798.840092][ C0] ? brport_get_ownership+0xf0/0xf0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] ? brport_get_ownership+0xf0/0xf0 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] ? brport_get_ownership+0xf0/0xf0 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 798.840092][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] ? brport_get_ownership+0xf0/0xf0 [ 798.840092][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 798.840092][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 798.840092][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 798.840092][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] ? net_tx_action+0xc30/0xc30 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 798.840092][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 798.840092][ C0] run_ksoftirqd+0x25/0x40 [ 798.840092][ C0] smpboot_thread_fn+0x493/0x980 [ 798.840092][ C0] kthread+0x4b5/0x4f0 [ 798.840092][ C0] ? cpu_report_death+0x180/0x180 [ 798.840092][ C0] ? kthread_blkcg+0xf0/0xf0 [ 798.840092][ C0] ret_from_fork+0x35/0x40 [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x939/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] __skb_clone+0x863/0x970 [ 798.840092][ C0] skb_clone+0x404/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was stored to memory at: [ 798.840092][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 798.840092][ C0] __msan_chain_origin+0x50/0x90 [ 798.840092][ C0] skb_clone+0x486/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 798.840092][ C0] [ 798.840092][ C0] Uninit was created at: [ 798.840092][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 798.840092][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 798.840092][ C0] kmem_cache_alloc+0x711/0xd70 [ 798.840092][ C0] skb_clone+0x328/0x5d0 [ 798.840092][ C0] br_flood+0xa8e/0xf90 [ 798.840092][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 798.840092][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 798.840092][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 798.840092][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 798.840092][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 798.840092][ C0] br_handle_frame+0xcd2/0x2050 [ 798.840092][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 798.840092][ C0] process_backlog+0x936/0x1410 [ 798.840092][ C0] net_rx_action+0x786/0x1aa0 [ 798.840092][ C0] __do_softirq+0x311/0x83d [ 802.605110][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 802.622864][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 802.642051][ C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 802.730213][ C0] bridge0: received packet on geneve0 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 804.354993][ C0] not chained 580000 origins [ 804.358885][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 804.358885][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.358885][ C0] Call Trace: [ 804.358885][ C0] dump_stack+0x1c9/0x220 [ 804.358885][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 804.358885][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] ? __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] ? __skb_clone+0x863/0x970 [ 804.358885][ C0] ? skb_clone+0x404/0x5d0 [ 804.358885][ C0] ? br_flood+0xd14/0xf90 [ 804.358885][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] ? br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] ? process_backlog+0x936/0x1410 [ 804.358885][ C0] ? net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] ? __do_softirq+0x311/0x83d [ 804.358885][ C0] ? run_ksoftirqd+0x25/0x40 [ 804.358885][ C0] ? smpboot_thread_fn+0x493/0x980 [ 804.358885][ C0] ? kthread+0x4b5/0x4f0 [ 804.358885][ C0] ? ret_from_fork+0x35/0x40 [ 804.358885][ C0] ? __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] ? skb_clone+0x486/0x5d0 [ 804.358885][ C0] ? br_flood+0xd14/0xf90 [ 804.358885][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] ? br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] ? process_backlog+0x936/0x1410 [ 804.358885][ C0] ? net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] ? __do_softirq+0x311/0x83d [ 804.358885][ C0] ? run_ksoftirqd+0x25/0x40 [ 804.358885][ C0] ? smpboot_thread_fn+0x493/0x980 [ 804.358885][ C0] ? kthread+0x4b5/0x4f0 [ 804.358885][ C0] ? ret_from_fork+0x35/0x40 [ 804.358885][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 804.358885][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 804.358885][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 804.358885][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xd14/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] ? brport_get_ownership+0xf0/0xf0 [ 804.358885][ C0] ? brport_get_ownership+0xf0/0xf0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] ? brport_get_ownership+0xf0/0xf0 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] ? brport_get_ownership+0xf0/0xf0 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 804.358885][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] ? brport_get_ownership+0xf0/0xf0 [ 804.358885][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 804.358885][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 804.358885][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 804.358885][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] ? net_tx_action+0xc30/0xc30 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 804.358885][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 804.358885][ C0] run_ksoftirqd+0x25/0x40 [ 804.358885][ C0] smpboot_thread_fn+0x493/0x980 [ 804.358885][ C0] kthread+0x4b5/0x4f0 [ 804.358885][ C0] ? cpu_report_death+0x180/0x180 [ 804.358885][ C0] ? kthread_blkcg+0xf0/0xf0 [ 804.358885][ C0] ret_from_fork+0x35/0x40 [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x939/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] __skb_clone+0x863/0x970 [ 804.358885][ C0] skb_clone+0x404/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was stored to memory at: [ 804.358885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 804.358885][ C0] __msan_chain_origin+0x50/0x90 [ 804.358885][ C0] skb_clone+0x486/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 804.358885][ C0] [ 804.358885][ C0] Uninit was created at: [ 804.358885][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 804.358885][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 804.358885][ C0] kmem_cache_alloc+0x711/0xd70 [ 804.358885][ C0] skb_clone+0x328/0x5d0 [ 804.358885][ C0] br_flood+0xa8e/0xf90 [ 804.358885][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 804.358885][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 804.358885][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 804.358885][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 804.358885][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 804.358885][ C0] br_handle_frame+0xcd2/0x2050 [ 804.358885][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 804.358885][ C0] process_backlog+0x936/0x1410 [ 804.358885][ C0] net_rx_action+0x786/0x1aa0 [ 804.358885][ C0] __do_softirq+0x311/0x83d [ 809.764353][ C0] not chained 590000 origins [ 809.768876][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 809.768876][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.768876][ C0] Call Trace: [ 809.768876][ C0] dump_stack+0x1c9/0x220 [ 809.768876][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 809.768876][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] ? __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] ? __skb_clone+0x863/0x970 [ 809.768876][ C0] ? skb_clone+0x404/0x5d0 [ 809.768876][ C0] ? br_flood+0xa8e/0xf90 [ 809.768876][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] ? br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] ? process_backlog+0x936/0x1410 [ 809.768876][ C0] ? net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] ? __do_softirq+0x311/0x83d [ 809.768876][ C0] ? run_ksoftirqd+0x25/0x40 [ 809.768876][ C0] ? smpboot_thread_fn+0x493/0x980 [ 809.768876][ C0] ? kthread+0x4b5/0x4f0 [ 809.768876][ C0] ? ret_from_fork+0x35/0x40 [ 809.768876][ C0] ? __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] ? skb_clone+0x486/0x5d0 [ 809.768876][ C0] ? br_flood+0xa8e/0xf90 [ 809.768876][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] ? br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] ? process_backlog+0x936/0x1410 [ 809.768876][ C0] ? net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] ? __do_softirq+0x311/0x83d [ 809.768876][ C0] ? run_ksoftirqd+0x25/0x40 [ 809.768876][ C0] ? smpboot_thread_fn+0x493/0x980 [ 809.768876][ C0] ? kthread+0x4b5/0x4f0 [ 809.768876][ C0] ? ret_from_fork+0x35/0x40 [ 809.768876][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 809.768876][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 809.768876][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 809.768876][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] ? brport_get_ownership+0xf0/0xf0 [ 809.768876][ C0] ? brport_get_ownership+0xf0/0xf0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] ? brport_get_ownership+0xf0/0xf0 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] ? brport_get_ownership+0xf0/0xf0 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 809.768876][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] ? brport_get_ownership+0xf0/0xf0 [ 809.768876][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 809.768876][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 809.768876][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 809.768876][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] ? net_tx_action+0xc30/0xc30 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 809.768876][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 809.768876][ C0] run_ksoftirqd+0x25/0x40 [ 809.768876][ C0] smpboot_thread_fn+0x493/0x980 [ 809.768876][ C0] kthread+0x4b5/0x4f0 [ 809.768876][ C0] ? cpu_report_death+0x180/0x180 [ 809.768876][ C0] ? kthread_blkcg+0xf0/0xf0 [ 809.768876][ C0] ret_from_fork+0x35/0x40 [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 809.768876][ C0] __skb_clone+0x939/0x970 [ 809.768876][ C0] skb_clone+0x404/0x5d0 [ 809.768876][ C0] br_flood+0xa8e/0xf90 [ 809.768876][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 809.768876][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 809.768876][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 809.768876][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 809.768876][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 809.768876][ C0] br_handle_frame+0xcd2/0x2050 [ 809.768876][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 809.768876][ C0] process_backlog+0x936/0x1410 [ 809.768876][ C0] net_rx_action+0x786/0x1aa0 [ 809.768876][ C0] __do_softirq+0x311/0x83d [ 809.768876][ C0] [ 809.768876][ C0] Uninit was stored to memory at: [ 809.768876][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 809.768876][ C0] __msan_chain_origin+0x50/0x90 [ 810.646253][ C0] __skb_clone+0x863/0x970 [ 810.646253][ C0] skb_clone+0x404/0x5d0 [ 810.646253][ C0] br_flood+0xa8e/0xf90 [ 810.646253][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 810.646253][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 810.646253][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 810.646253][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 810.646253][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 810.646253][ C0] br_handle_frame+0xcd2/0x2050 [ 810.646253][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 810.646253][ C0] process_backlog+0x936/0x1410 [ 810.646253][ C0] net_rx_action+0x786/0x1aa0 [ 810.646253][ C0] __do_softirq+0x311/0x83d [ 810.646253][ C0] [ 810.646253][ C0] Uninit was stored to memory at: [ 810.646253][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 810.646253][ C0] __msan_chain_origin+0x50/0x90 [ 810.646253][ C0] skb_clone+0x486/0x5d0 [ 810.646253][ C0] br_flood+0xa8e/0xf90 [ 810.646253][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 810.646253][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 810.646253][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 810.646253][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 810.646253][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 810.646253][ C0] br_handle_frame+0xcd2/0x2050 [ 810.646253][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 810.646253][ C0] process_backlog+0x936/0x1410 [ 810.646253][ C0] net_rx_action+0x786/0x1aa0 [ 810.646253][ C0] __do_softirq+0x311/0x83d [ 810.646253][ C0] [ 810.646253][ C0] Uninit was created at: [ 810.646253][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 810.646253][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 810.646253][ C0] kmem_cache_alloc+0x711/0xd70 [ 810.646253][ C0] skb_clone+0x328/0x5d0 [ 810.646253][ C0] br_flood+0xa8e/0xf90 [ 810.646253][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 810.646253][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 810.646253][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 810.646253][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 810.646253][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 810.646253][ C0] br_handle_frame+0xcd2/0x2050 [ 810.646253][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 810.646253][ C0] process_backlog+0x936/0x1410 [ 810.646253][ C0] net_rx_action+0x786/0x1aa0 [ 810.646253][ C0] __do_softirq+0x311/0x83d 00:14:57 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7}}) close(r0) write$tun(0xffffffffffffffff, 0x0, 0x0) 00:14:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:14:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 811.834745][T14069] binder: 14062:14069 unknown command 0 [ 811.840643][T14069] binder: 14062:14069 ioctl c0306201 20000280 returned -22 [ 811.875303][T14069] binder: 14062:14069 ioctl c0306201 20000540 returned -14 00:14:57 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 815.989393][ C0] not chained 600000 origins [ 815.994060][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 815.998888][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.998888][ C0] Call Trace: [ 815.998888][ C0] dump_stack+0x1c9/0x220 [ 815.998888][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 815.998888][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] ? __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] ? __skb_clone+0x863/0x970 [ 815.998888][ C0] ? skb_clone+0x404/0x5d0 [ 815.998888][ C0] ? br_flood+0xa8e/0xf90 [ 815.998888][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] ? br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] ? process_backlog+0x936/0x1410 [ 815.998888][ C0] ? net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] ? __do_softirq+0x311/0x83d [ 815.998888][ C0] ? run_ksoftirqd+0x25/0x40 [ 815.998888][ C0] ? smpboot_thread_fn+0x493/0x980 [ 815.998888][ C0] ? kthread+0x4b5/0x4f0 [ 815.998888][ C0] ? ret_from_fork+0x35/0x40 [ 815.998888][ C0] ? __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] ? skb_clone+0x486/0x5d0 [ 815.998888][ C0] ? br_flood+0xa8e/0xf90 [ 815.998888][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] ? br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] ? process_backlog+0x936/0x1410 [ 815.998888][ C0] ? net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] ? __do_softirq+0x311/0x83d [ 815.998888][ C0] ? run_ksoftirqd+0x25/0x40 [ 815.998888][ C0] ? smpboot_thread_fn+0x493/0x980 [ 815.998888][ C0] ? kthread+0x4b5/0x4f0 [ 815.998888][ C0] ? ret_from_fork+0x35/0x40 [ 815.998888][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 815.998888][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 815.998888][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 815.998888][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] ? brport_get_ownership+0xf0/0xf0 [ 815.998888][ C0] ? brport_get_ownership+0xf0/0xf0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] ? brport_get_ownership+0xf0/0xf0 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] ? brport_get_ownership+0xf0/0xf0 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 815.998888][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] ? brport_get_ownership+0xf0/0xf0 [ 815.998888][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 815.998888][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 815.998888][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 815.998888][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] ? net_tx_action+0xc30/0xc30 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 815.998888][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 815.998888][ C0] run_ksoftirqd+0x25/0x40 [ 815.998888][ C0] smpboot_thread_fn+0x493/0x980 [ 815.998888][ C0] kthread+0x4b5/0x4f0 [ 815.998888][ C0] ? cpu_report_death+0x180/0x180 [ 815.998888][ C0] ? kthread_blkcg+0xf0/0xf0 [ 815.998888][ C0] ret_from_fork+0x35/0x40 [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x939/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] __skb_clone+0x863/0x970 [ 815.998888][ C0] skb_clone+0x404/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was stored to memory at: [ 815.998888][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 815.998888][ C0] __msan_chain_origin+0x50/0x90 [ 815.998888][ C0] skb_clone+0x486/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 815.998888][ C0] [ 815.998888][ C0] Uninit was created at: [ 815.998888][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 815.998888][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 815.998888][ C0] kmem_cache_alloc+0x711/0xd70 [ 815.998888][ C0] skb_clone+0x328/0x5d0 [ 815.998888][ C0] br_flood+0xa8e/0xf90 [ 815.998888][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 815.998888][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 815.998888][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 815.998888][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 815.998888][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 815.998888][ C0] br_handle_frame+0xcd2/0x2050 [ 815.998888][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 815.998888][ C0] process_backlog+0x936/0x1410 [ 815.998888][ C0] net_rx_action+0x786/0x1aa0 [ 815.998888][ C0] __do_softirq+0x311/0x83d [ 821.400864][ C0] not chained 610000 origins [ 821.405899][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 821.408893][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.408893][ C0] Call Trace: [ 821.408893][ C0] dump_stack+0x1c9/0x220 [ 821.408893][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 821.408893][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] ? __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] ? __skb_clone+0x863/0x970 [ 821.408893][ C0] ? skb_clone+0x404/0x5d0 [ 821.408893][ C0] ? br_flood+0xa8e/0xf90 [ 821.408893][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] ? br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] ? process_backlog+0x936/0x1410 [ 821.408893][ C0] ? net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] ? __do_softirq+0x311/0x83d [ 821.408893][ C0] ? run_ksoftirqd+0x25/0x40 [ 821.408893][ C0] ? smpboot_thread_fn+0x493/0x980 [ 821.408893][ C0] ? kthread+0x4b5/0x4f0 [ 821.408893][ C0] ? ret_from_fork+0x35/0x40 [ 821.408893][ C0] ? __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] ? skb_clone+0x486/0x5d0 [ 821.408893][ C0] ? br_flood+0xa8e/0xf90 [ 821.408893][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] ? br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] ? process_backlog+0x936/0x1410 [ 821.408893][ C0] ? net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] ? __do_softirq+0x311/0x83d [ 821.408893][ C0] ? run_ksoftirqd+0x25/0x40 [ 821.408893][ C0] ? smpboot_thread_fn+0x493/0x980 [ 821.408893][ C0] ? kthread+0x4b5/0x4f0 [ 821.408893][ C0] ? ret_from_fork+0x35/0x40 [ 821.408893][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 821.408893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 821.408893][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 821.408893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 821.408893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 821.408893][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] ? brport_get_ownership+0xf0/0xf0 [ 821.408893][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 821.408893][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 821.408893][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] ? net_tx_action+0xc30/0xc30 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 821.408893][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 821.408893][ C0] run_ksoftirqd+0x25/0x40 [ 821.408893][ C0] smpboot_thread_fn+0x493/0x980 [ 821.408893][ C0] kthread+0x4b5/0x4f0 [ 821.408893][ C0] ? cpu_report_death+0x180/0x180 [ 821.408893][ C0] ? kthread_blkcg+0xf0/0xf0 [ 821.408893][ C0] ret_from_fork+0x35/0x40 [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x939/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] __skb_clone+0x863/0x970 [ 821.408893][ C0] skb_clone+0x404/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was stored to memory at: [ 821.408893][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 821.408893][ C0] __msan_chain_origin+0x50/0x90 [ 821.408893][ C0] skb_clone+0x486/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 821.408893][ C0] [ 821.408893][ C0] Uninit was created at: [ 821.408893][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 821.408893][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 821.408893][ C0] kmem_cache_alloc+0x711/0xd70 [ 821.408893][ C0] skb_clone+0x328/0x5d0 [ 821.408893][ C0] br_flood+0xa8e/0xf90 [ 821.408893][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 821.408893][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 821.408893][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 821.408893][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 821.408893][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 821.408893][ C0] br_handle_frame+0xcd2/0x2050 [ 821.408893][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 821.408893][ C0] process_backlog+0x936/0x1410 [ 821.408893][ C0] net_rx_action+0x786/0x1aa0 [ 821.408893][ C0] __do_softirq+0x311/0x83d [ 826.828395][ C1] not chained 620000 origins [ 826.828876][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 826.828876][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.828876][ C1] Call Trace: [ 826.828876][ C1] dump_stack+0x1c9/0x220 [ 826.828876][ C1] kmsan_internal_chain_origin+0x6f/0x130 [ 826.828876][ C1] ? kmsan_internal_chain_origin+0xad/0x130 [ 826.828876][ C1] ? __msan_chain_origin+0x50/0x90 [ 826.828876][ C1] ? __skb_clone+0x863/0x970 [ 826.828876][ C1] ? skb_clone+0x404/0x5d0 [ 826.828876][ C1] ? br_flood+0xa8e/0xf90 [ 826.828876][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 826.828876][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 826.828876][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 826.828876][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 826.828876][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 826.828876][ C1] ? br_handle_frame+0xcd2/0x2050 [ 826.828876][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 826.828876][ C1] ? process_backlog+0x936/0x1410 [ 826.828876][ C1] ? net_rx_action+0x786/0x1aa0 [ 826.828876][ C1] ? __do_softirq+0x311/0x83d [ 826.828876][ C1] ? run_ksoftirqd+0x25/0x40 [ 826.828876][ C1] ? smpboot_thread_fn+0x493/0x980 [ 826.828876][ C1] ? kthread+0x4b5/0x4f0 [ 826.828876][ C1] ? ret_from_fork+0x35/0x40 [ 826.828876][ C1] ? __msan_chain_origin+0x50/0x90 [ 826.828876][ C1] ? skb_clone+0x486/0x5d0 [ 826.828876][ C1] ? br_flood+0xa8e/0xf90 [ 826.828876][ C1] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 826.828876][ C1] ? br_nf_hook_thresh+0x4f7/0x680 [ 826.828876][ C1] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 826.828876][ C1] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 826.828876][ C1] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 826.828876][ C1] ? br_handle_frame+0xcd2/0x2050 [ 826.828876][ C1] ? __netif_receive_skb_core+0x21de/0x5840 [ 826.828876][ C1] ? process_backlog+0x936/0x1410 [ 826.828876][ C1] ? net_rx_action+0x786/0x1aa0 [ 826.828876][ C1] ? __do_softirq+0x311/0x83d [ 826.828876][ C1] ? run_ksoftirqd+0x25/0x40 [ 826.828876][ C1] ? smpboot_thread_fn+0x493/0x980 [ 826.828876][ C1] ? kthread+0x4b5/0x4f0 [ 826.828876][ C1] ? ret_from_fork+0x35/0x40 [ 826.828876][ C1] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 826.828876][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 826.828876][ C1] ? kmsan_set_origin_checked+0x95/0xf0 [ 826.828876][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 826.828876][ C1] __msan_chain_origin+0x50/0x90 [ 826.828876][ C1] __skb_clone+0x939/0x970 [ 826.828876][ C1] skb_clone+0x404/0x5d0 [ 826.828876][ C1] br_flood+0xa8e/0xf90 [ 827.104475][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.104475][ C1] ? brport_get_ownership+0xf0/0xf0 [ 827.104475][ C1] ? brport_get_ownership+0xf0/0xf0 [ 827.104475][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.104475][ C1] ? brport_get_ownership+0xf0/0xf0 [ 827.104475][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.104475][ C1] ? brport_get_ownership+0xf0/0xf0 [ 827.104475][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.104475][ C1] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 827.104475][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.104475][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 827.104475][ C1] ? brnf_device_event+0x3c0/0x3c0 [ 827.104475][ C1] br_handle_frame+0xcd2/0x2050 [ 827.104475][ C1] ? brport_get_ownership+0xf0/0xf0 [ 827.104475][ C1] ? br_pass_frame_up+0x9c0/0x9c0 [ 827.104475][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.104475][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 827.104475][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 827.104475][ C1] process_backlog+0x936/0x1410 [ 827.104475][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 827.104475][ C1] ? ip_local_deliver_finish+0x350/0x350 [ 827.104475][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 827.104475][ C1] net_rx_action+0x786/0x1aa0 [ 827.104475][ C1] ? net_tx_action+0xc30/0xc30 [ 827.104475][ C1] __do_softirq+0x311/0x83d [ 827.104475][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 827.104475][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 827.104475][ C1] run_ksoftirqd+0x25/0x40 [ 827.104475][ C1] smpboot_thread_fn+0x493/0x980 [ 827.104475][ C1] kthread+0x4b5/0x4f0 [ 827.104475][ C1] ? cpu_report_death+0x180/0x180 [ 827.104475][ C1] ? kthread_blkcg+0xf0/0xf0 [ 827.104475][ C1] ret_from_fork+0x35/0x40 00:15:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 00:15:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:15:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 00:15:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:15:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x2f, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000580)=""/228, 0xe4}, @fda}, &(0x7f0000000100)={0x0, 0x28, 0x50}}}], 0xfeffff, 0x2, 0x0}) [ 827.104475][ C1] Uninit was stored to memory at: [ 827.104475][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.284535][ C1] __msan_chain_origin+0x50/0x90 [ 827.284535][ C1] __skb_clone+0x939/0x970 [ 827.284535][ C1] skb_clone+0x404/0x5d0 [ 827.284535][ C1] br_flood+0xa8e/0xf90 [ 827.284535][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.284535][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.284535][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.284535][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.329453][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.331150][ C1] br_handle_frame+0xcd2/0x2050 [ 827.331150][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] __skb_clone+0x939/0x970 [ 827.342495][ C1] skb_clone+0x404/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] __skb_clone+0x939/0x970 [ 827.342495][ C1] skb_clone+0x404/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] __skb_clone+0x939/0x970 [ 827.342495][ C1] skb_clone+0x404/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] __skb_clone+0x939/0x970 [ 827.342495][ C1] skb_clone+0x404/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] __skb_clone+0x863/0x970 [ 827.342495][ C1] skb_clone+0x404/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was stored to memory at: [ 827.342495][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 827.342495][ C1] __msan_chain_origin+0x50/0x90 [ 827.342495][ C1] skb_clone+0x486/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 827.342495][ C1] [ 827.342495][ C1] Uninit was created at: [ 827.342495][ C1] kmsan_internal_poison_shadow+0x66/0xd0 [ 827.342495][ C1] kmsan_slab_alloc+0x8a/0xe0 [ 827.342495][ C1] kmem_cache_alloc+0x711/0xd70 [ 827.342495][ C1] skb_clone+0x328/0x5d0 [ 827.342495][ C1] br_flood+0xa8e/0xf90 [ 827.342495][ C1] br_handle_frame_finish+0x1a00/0x1bb0 [ 827.342495][ C1] br_nf_hook_thresh+0x4f7/0x680 [ 827.342495][ C1] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 827.342495][ C1] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 827.342495][ C1] br_nf_pre_routing+0xd0e/0x1fd0 [ 827.342495][ C1] br_handle_frame+0xcd2/0x2050 [ 827.342495][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 827.342495][ C1] process_backlog+0x936/0x1410 [ 827.342495][ C1] net_rx_action+0x786/0x1aa0 [ 827.342495][ C1] __do_softirq+0x311/0x83d [ 828.176345][T14093] binder: 14091:14093 unknown command 0 [ 828.182540][T14093] binder: 14091:14093 ioctl c0306201 20000280 returned -22 [ 828.222289][T14101] binder: 14091:14101 ioctl c0306201 20000540 returned -14 00:15:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:15:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext, 0x41800, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:15:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r2, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) shutdown(r1, 0x1) socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$procfs(0xffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000500)={r5, 0x8000}, 0x8) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x613c3bf68bef511d) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 828.633230][T14117] kvm [14113]: vcpu0, guest rIP: 0x135 Hyper-V unhandled rdmsr: 0x40000024 [ 829.672239][T14137] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 829.719086][T14142] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 833.576893][ C0] not chained 630000 origins [ 833.578868][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 833.578868][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.578868][ C0] Call Trace: [ 833.578868][ C0] dump_stack+0x1c9/0x220 [ 833.578868][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 833.578868][ C0] ? kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] ? __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] ? __skb_clone+0x863/0x970 [ 833.578868][ C0] ? skb_clone+0x404/0x5d0 [ 833.578868][ C0] ? br_flood+0xa8e/0xf90 [ 833.578868][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] ? br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] ? process_backlog+0x936/0x1410 [ 833.578868][ C0] ? net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] ? __do_softirq+0x311/0x83d [ 833.578868][ C0] ? run_ksoftirqd+0x25/0x40 [ 833.578868][ C0] ? smpboot_thread_fn+0x493/0x980 [ 833.578868][ C0] ? kthread+0x4b5/0x4f0 [ 833.578868][ C0] ? ret_from_fork+0x35/0x40 [ 833.578868][ C0] ? __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] ? skb_clone+0x486/0x5d0 [ 833.578868][ C0] ? br_flood+0xa8e/0xf90 [ 833.578868][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] ? br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] ? process_backlog+0x936/0x1410 [ 833.578868][ C0] ? net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] ? __do_softirq+0x311/0x83d [ 833.578868][ C0] ? run_ksoftirqd+0x25/0x40 [ 833.578868][ C0] ? smpboot_thread_fn+0x493/0x980 [ 833.578868][ C0] ? kthread+0x4b5/0x4f0 [ 833.578868][ C0] ? ret_from_fork+0x35/0x40 [ 833.578868][ C0] ? kmsan_memcpy_memmove_metadata+0x10c/0x2e0 [ 833.578868][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 833.578868][ C0] ? kmsan_set_origin_checked+0x95/0xf0 [ 833.578868][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] ? brport_get_ownership+0xf0/0xf0 [ 833.578868][ C0] ? brport_get_ownership+0xf0/0xf0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] ? brport_get_ownership+0xf0/0xf0 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] ? brport_get_ownership+0xf0/0xf0 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 833.578868][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] ? brport_get_ownership+0xf0/0xf0 [ 833.578868][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 833.578868][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 833.578868][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 833.578868][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] ? net_tx_action+0xc30/0xc30 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 833.578868][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 833.578868][ C0] run_ksoftirqd+0x25/0x40 [ 833.578868][ C0] smpboot_thread_fn+0x493/0x980 [ 833.578868][ C0] kthread+0x4b5/0x4f0 [ 833.578868][ C0] ? cpu_report_death+0x180/0x180 [ 833.578868][ C0] ? kthread_blkcg+0xf0/0xf0 [ 833.578868][ C0] ret_from_fork+0x35/0x40 [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x939/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] process_backlog+0x936/0x1410 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] __skb_clone+0x863/0x970 [ 833.578868][ C0] skb_clone+0x404/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 833.578868][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 833.578868][ C0] napi_gro_receive+0xae7/0xf90 [ 833.578868][ C0] gro_cell_poll+0x24c/0x400 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was stored to memory at: [ 833.578868][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 833.578868][ C0] __msan_chain_origin+0x50/0x90 [ 833.578868][ C0] skb_clone+0x486/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 833.578868][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 833.578868][ C0] napi_gro_receive+0xae7/0xf90 [ 833.578868][ C0] gro_cell_poll+0x24c/0x400 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 833.578868][ C0] [ 833.578868][ C0] Uninit was created at: [ 833.578868][ C0] kmsan_internal_poison_shadow+0x66/0xd0 [ 833.578868][ C0] kmsan_slab_alloc+0x8a/0xe0 [ 833.578868][ C0] kmem_cache_alloc+0x711/0xd70 [ 833.578868][ C0] skb_clone+0x328/0x5d0 [ 833.578868][ C0] br_flood+0xa8e/0xf90 [ 833.578868][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 833.578868][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 833.578868][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 833.578868][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 833.578868][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 833.578868][ C0] br_handle_frame+0xcd2/0x2050 [ 833.578868][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 833.578868][ C0] __netif_receive_skb_list_core+0x315/0x1380 [ 833.578868][ C0] netif_receive_skb_list_internal+0xf62/0x1620 [ 833.578868][ C0] napi_gro_receive+0xae7/0xf90 [ 833.578868][ C0] gro_cell_poll+0x24c/0x400 [ 833.578868][ C0] net_rx_action+0x786/0x1aa0 [ 833.578868][ C0] __do_softirq+0x311/0x83d [ 839.107705][ C0] not chained 640000 origins [ 839.112674][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 839.121011][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.122546][ C0] Call Trace: [ 839.122546][ C0] dump_stack+0x1c9/0x220 [ 839.122546][ C0] ? __dev_queue_xmit+0x2f8d/0x3b20 [ 839.122546][ C0] kmsan_internal_chain_origin+0x6f/0x130 [ 839.122546][ C0] ? br_flood+0xb0b/0xf90 [ 839.122546][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 839.122546][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 839.122546][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 839.122546][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 839.122546][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 839.122546][ C0] ? br_handle_frame+0xcd2/0x2050 [ 839.122546][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 839.122546][ C0] ? process_backlog+0x936/0x1410 [ 839.122546][ C0] ? net_rx_action+0x786/0x1aa0 [ 839.122546][ C0] ? __do_softirq+0x311/0x83d [ 839.122546][ C0] ? run_ksoftirqd+0x25/0x40 [ 839.122546][ C0] ? smpboot_thread_fn+0x493/0x980 [ 839.122546][ C0] ? kthread+0x4b5/0x4f0 [ 839.122546][ C0] ? ret_from_fork+0x35/0x40 [ 839.122546][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 839.122546][ C0] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 839.122546][ C0] ? should_fail+0x72/0x9e0 [ 839.122546][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 839.122546][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.122546][ C0] ? __should_failslab+0x1f6/0x290 [ 839.122546][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.122546][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 839.122546][ C0] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 839.122546][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.122546][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 839.122546][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 839.122546][ C0] __msan_memcpy+0x43/0x50 [ 839.122546][ C0] pskb_expand_head+0x38b/0x1b00 [ 839.122546][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.122546][ C0] geneve_build_skb+0x4c0/0xe00 [ 839.122546][ C0] geneve_xmit+0x25a3/0x2c20 [ 839.122546][ C0] ? geneve_stop+0x400/0x400 [ 839.122546][ C0] dev_hard_start_xmit+0x531/0xab0 [ 839.122546][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.122546][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 839.122546][ C0] dev_queue_xmit+0x4b/0x60 [ 839.122546][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 839.122546][ C0] ? __skb_ext_del+0x33f/0x450 [ 839.122546][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 839.122546][ C0] br_nf_post_routing+0x152e/0x17e0 [ 839.122546][ C0] ? br_nf_forward_finish+0x11a0/0x11a0 [ 839.122546][ C0] ? br_nf_forward_arp+0x1370/0x1370 [ 839.122546][ C0] nf_hook_slow+0x16e/0x400 [ 839.122546][ C0] br_forward_finish+0x24a/0x3f0 [ 839.122546][ C0] ? fdb_add_hw_addr+0x4f0/0x4f0 [ 839.122546][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 839.122546][ C0] ? br_dev_queue_push_xmit+0x8b0/0x8b0 [ 839.122546][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 839.122546][ C0] ? br_nf_pre_routing_finish+0x2470/0x2470 [ 839.122546][ C0] ? br_nf_pre_routing+0x1fd0/0x1fd0 [ 839.122546][ C0] nf_hook_slow+0x16e/0x400 [ 839.122546][ C0] __br_forward+0x75c/0xe30 [ 839.122546][ C0] ? br_dev_queue_push_xmit+0x8b0/0x8b0 [ 839.122546][ C0] br_flood+0xb0b/0xf90 [ 839.122546][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 839.122546][ C0] ? brport_get_ownership+0xf0/0xf0 [ 839.122546][ C0] ? brport_get_ownership+0xf0/0xf0 [ 839.122546][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 839.122546][ C0] ? brport_get_ownership+0xf0/0xf0 [ 839.122546][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 839.482207][ C0] ? brport_get_ownership+0xf0/0xf0 [ 839.482207][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 839.482207][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 839.482207][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 839.482207][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 839.482207][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 839.482207][ C0] br_handle_frame+0xcd2/0x2050 [ 839.482207][ C0] ? brport_get_ownership+0xf0/0xf0 [ 839.482207][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 839.482207][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 839.482207][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 839.482207][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 839.482207][ C0] process_backlog+0x936/0x1410 [ 839.482207][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 839.482207][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 839.482207][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 839.482207][ C0] net_rx_action+0x786/0x1aa0 [ 839.482207][ C0] ? net_tx_action+0xc30/0xc30 [ 839.482207][ C0] __do_softirq+0x311/0x83d [ 839.482207][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 839.482207][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 839.482207][ C0] run_ksoftirqd+0x25/0x40 [ 839.482207][ C0] smpboot_thread_fn+0x493/0x980 [ 839.482207][ C0] kthread+0x4b5/0x4f0 [ 839.482207][ C0] ? cpu_report_death+0x180/0x180 [ 839.482207][ C0] ? kthread_blkcg+0xf0/0xf0 [ 839.482207][ C0] ret_from_fork+0x35/0x40 [ 839.636202][ C0] Uninit was stored to memory at: [ 839.641575][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 839.647502][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 839.654199][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 839.660437][ C0] __msan_memcpy+0x43/0x50 [ 839.666278][ C0] pskb_expand_head+0x38b/0x1b00 [ 839.671599][ C0] geneve_build_skb+0x4c0/0xe00 [ 839.676898][ C0] geneve_xmit+0x25a3/0x2c20 [ 839.681851][ C0] dev_hard_start_xmit+0x531/0xab0 [ 839.687156][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 839.692502][ C0] dev_queue_xmit+0x4b/0x60 [ 839.697193][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 839.702892][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 839.708476][ C0] br_nf_post_routing+0x152e/0x17e0 [ 839.714229][ C0] nf_hook_slow+0x16e/0x400 [ 839.719101][ C0] br_forward_finish+0x24a/0x3f0 [ 839.724895][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 839.732084][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 839.737894][ C0] nf_hook_slow+0x16e/0x400 [ 839.742882][ C0] __br_forward+0x75c/0xe30 [ 839.747586][ C0] br_flood+0xb0b/0xf90 [ 839.752164][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 839.758258][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 839.763897][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 839.771543][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 839.777491][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 839.783065][ C0] br_handle_frame+0xcd2/0x2050 [ 839.788609][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 839.795105][ C0] process_backlog+0x936/0x1410 [ 839.801919][ C0] net_rx_action+0x786/0x1aa0 [ 839.808136][ C0] __do_softirq+0x311/0x83d [ 839.814391][ C0] [ 839.816862][ C0] Uninit was stored to memory at: [ 839.822455][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 839.828378][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 839.834693][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 839.840017][ C0] __msan_memcpy+0x43/0x50 [ 839.844613][ C0] pskb_expand_head+0x38b/0x1b00 [ 839.849886][ C0] geneve_build_skb+0x4c0/0xe00 [ 839.854915][ C0] geneve_xmit+0x25a3/0x2c20 [ 839.859993][ C0] dev_hard_start_xmit+0x531/0xab0 [ 839.865289][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 839.870737][ C0] dev_queue_xmit+0x4b/0x60 [ 839.875436][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 839.881233][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 839.887241][ C0] br_nf_post_routing+0x152e/0x17e0 [ 839.892803][ C0] nf_hook_slow+0x16e/0x400 [ 839.897681][ C0] br_forward_finish+0x24a/0x3f0 [ 839.903349][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 839.908969][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 839.914992][ C0] nf_hook_slow+0x16e/0x400 [ 839.919822][ C0] __br_forward+0x75c/0xe30 [ 839.924505][ C0] br_flood+0xb0b/0xf90 [ 839.929142][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 839.935108][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 839.940846][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 839.947553][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 839.953266][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 839.958557][ C0] br_handle_frame+0xcd2/0x2050 [ 839.963877][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 839.970044][ C0] process_backlog+0x936/0x1410 [ 839.975102][ C0] net_rx_action+0x786/0x1aa0 [ 839.980216][ C0] __do_softirq+0x311/0x83d [ 839.984913][ C0] [ 839.987382][ C0] Uninit was stored to memory at: [ 839.992850][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 839.998823][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.005243][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.010709][ C0] __msan_memcpy+0x43/0x50 [ 840.015321][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.020673][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.025728][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.030764][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.036082][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.041549][ C0] dev_queue_xmit+0x4b/0x60 [ 840.046267][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.052067][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.057575][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.063235][ C0] nf_hook_slow+0x16e/0x400 [ 840.067937][ C0] br_forward_finish+0x24a/0x3f0 [ 840.074107][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.079855][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.085090][ C0] nf_hook_slow+0x16e/0x400 [ 840.090027][ C0] __br_forward+0x75c/0xe30 [ 840.094769][ C0] br_flood+0xb0b/0xf90 [ 840.099353][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.105294][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.110764][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.117290][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.123293][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.128538][ C0] br_handle_frame+0xcd2/0x2050 [ 840.133857][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.140478][ C0] process_backlog+0x936/0x1410 [ 840.145558][ C0] net_rx_action+0x786/0x1aa0 [ 840.150752][ C0] __do_softirq+0x311/0x83d [ 840.155392][ C0] [ 840.157862][ C0] Uninit was stored to memory at: [ 840.163211][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 840.169280][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.175589][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.180980][ C0] __msan_memcpy+0x43/0x50 [ 840.185687][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.191059][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.196141][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.202585][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.207901][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.213380][ C0] dev_queue_xmit+0x4b/0x60 [ 840.218145][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.223985][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.229693][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.235135][ C0] nf_hook_slow+0x16e/0x400 [ 840.240099][ C0] br_forward_finish+0x24a/0x3f0 [ 840.245285][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.250946][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.256172][ C0] nf_hook_slow+0x16e/0x400 [ 840.261021][ C0] __br_forward+0x75c/0xe30 [ 840.265714][ C0] br_flood+0xb0b/0xf90 [ 840.270317][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.276142][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.281520][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.288127][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.293850][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.299311][ C0] br_handle_frame+0xcd2/0x2050 [ 840.304369][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.310525][ C0] process_backlog+0x936/0x1410 [ 840.315682][ C0] net_rx_action+0x786/0x1aa0 [ 840.320969][ C0] __do_softirq+0x311/0x83d [ 840.325711][ C0] [ 840.328220][ C0] Uninit was stored to memory at: [ 840.333755][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 840.339839][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.346081][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.351445][ C0] __msan_memcpy+0x43/0x50 [ 840.356137][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.361561][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.366595][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.371534][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.376954][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.382331][ C0] dev_queue_xmit+0x4b/0x60 [ 840.387032][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.392747][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.398258][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.403898][ C0] nf_hook_slow+0x16e/0x400 [ 840.408652][ C0] br_forward_finish+0x24a/0x3f0 [ 840.414148][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.419953][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.425212][ C0] nf_hook_slow+0x16e/0x400 [ 840.430192][ C0] __br_forward+0x75c/0xe30 [ 840.434885][ C0] br_flood+0xb0b/0xf90 [ 840.439435][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.445213][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.450599][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.456862][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.462751][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.467975][ C0] br_handle_frame+0xcd2/0x2050 [ 840.473178][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.479264][ C0] process_backlog+0x936/0x1410 [ 840.484314][ C0] net_rx_action+0x786/0x1aa0 [ 840.489324][ C0] __do_softirq+0x311/0x83d [ 840.494050][ C0] [ 840.496512][ C0] Uninit was stored to memory at: [ 840.501885][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 840.507816][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.514298][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.519706][ C0] __msan_memcpy+0x43/0x50 [ 840.524361][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.529700][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.534725][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.539788][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.545103][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.550499][ C0] dev_queue_xmit+0x4b/0x60 [ 840.555182][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.560879][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.566362][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.572188][ C0] nf_hook_slow+0x16e/0x400 [ 840.577060][ C0] br_forward_finish+0x24a/0x3f0 [ 840.582331][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.587901][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.593285][ C0] nf_hook_slow+0x16e/0x400 [ 840.598991][ C0] __br_forward+0x75c/0xe30 [ 840.603770][ C0] br_flood+0xb0b/0xf90 [ 840.608119][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.614093][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.619656][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.626205][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.632129][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.638299][ C0] br_handle_frame+0xcd2/0x2050 [ 840.643685][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.649756][ C0] process_backlog+0x936/0x1410 [ 840.654799][ C0] net_rx_action+0x786/0x1aa0 [ 840.659808][ C0] __do_softirq+0x311/0x83d [ 840.664544][ C0] [ 840.667018][ C0] Uninit was stored to memory at: [ 840.672381][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 840.678307][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.684920][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.690807][ C0] __msan_memcpy+0x43/0x50 [ 840.695534][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.700937][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.706035][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.711037][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.716386][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.721807][ C0] dev_queue_xmit+0x4b/0x60 [ 840.726650][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.732534][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.738049][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.743804][ C0] nf_hook_slow+0x16e/0x400 [ 840.748532][ C0] br_forward_finish+0x24a/0x3f0 [ 840.753812][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.759413][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.764621][ C0] nf_hook_slow+0x16e/0x400 [ 840.769460][ C0] __br_forward+0x75c/0xe30 [ 840.774176][ C0] br_flood+0xb0b/0xf90 [ 840.778508][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.784498][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.789792][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.796058][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.801883][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.807120][ C0] br_handle_frame+0xcd2/0x2050 [ 840.812423][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.818368][ C0] process_backlog+0x936/0x1410 [ 840.823757][ C0] net_rx_action+0x786/0x1aa0 [ 840.828617][ C0] __do_softirq+0x311/0x83d [ 840.833427][ C0] [ 840.835893][ C0] Uninit was created at: [ 840.850098][ C0] ===================================================== [ 840.850103][ C0] BUG: KMSAN: uninit-value in kallsyms_lookup+0x148/0x8e0 [ 840.850108][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 840.850113][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.850116][ C0] Call Trace: [ 840.850120][ C0] dump_stack+0x1c9/0x220 [ 840.850124][ C0] kmsan_report+0xf7/0x1e0 [ 840.850127][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850131][ C0] __msan_warning+0x58/0xa0 [ 840.850135][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850139][ C0] kallsyms_lookup+0x148/0x8e0 [ 840.850143][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850146][ C0] __sprint_symbol+0x140/0x590 [ 840.850150][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850154][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 840.850158][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850161][ C0] sprint_symbol+0x7c/0x90 [ 840.850165][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850169][ C0] symbol_string+0x157/0x420 [ 840.850173][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850176][ C0] ? vsnprintf+0x30f7/0x31b0 [ 840.850180][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850184][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850188][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850192][ C0] ? kmsan_internal_set_origin+0x75/0xb0 [ 840.850195][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850199][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850202][ C0] pointer+0x1560/0x1e40 [ 840.850206][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850210][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850214][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850218][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850221][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850225][ C0] vsnprintf+0x1a2a/0x31b0 [ 840.850228][ C0] vscnprintf+0xc2/0x180 [ 840.850232][ C0] vprintk_store+0xef/0x11d0 [ 840.850236][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850239][ C0] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 840.850243][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850247][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850250][ C0] vprintk_emit+0x2c0/0x860 [ 840.850254][ C0] ? tick_nohz_tick_stopped+0x2f/0x60 [ 840.850258][ C0] vprintk_default+0x90/0xa0 [ 840.850261][ C0] vprintk_func+0x636/0x820 [ 840.850265][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 840.850268][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850272][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850276][ C0] printk+0x18b/0x1d3 [ 840.850279][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850283][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850287][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850291][ C0] stack_trace_print+0x1b1/0x1f0 [ 840.850294][ C0] kmsan_print_origin+0x180/0x190 [ 840.850298][ C0] kmsan_internal_chain_origin+0x76/0x130 [ 840.850302][ C0] ? br_flood+0xb0b/0xf90 [ 840.850305][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 840.850309][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 840.850313][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.850317][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.850320][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 840.850324][ C0] ? br_handle_frame+0xcd2/0x2050 [ 840.850328][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 840.850331][ C0] ? process_backlog+0x936/0x1410 [ 840.850335][ C0] ? net_rx_action+0x786/0x1aa0 [ 840.850339][ C0] ? __do_softirq+0x311/0x83d [ 840.850342][ C0] ? run_ksoftirqd+0x25/0x40 [ 840.850342][ C0] ? smpboot_thread_fn+0x493/0x980 [ 840.850342][ C0] ? kthread+0x4b5/0x4f0 [ 840.850342][ C0] ? ret_from_fork+0x35/0x40 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 840.850342][ C0] ? should_fail+0x72/0x9e0 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? __should_failslab+0x1f6/0x290 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 840.850342][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 840.850342][ C0] __msan_memcpy+0x43/0x50 [ 840.850342][ C0] pskb_expand_head+0x38b/0x1b00 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] geneve_build_skb+0x4c0/0xe00 [ 840.850342][ C0] geneve_xmit+0x25a3/0x2c20 [ 840.850342][ C0] ? geneve_stop+0x400/0x400 [ 840.850342][ C0] dev_hard_start_xmit+0x531/0xab0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 840.850342][ C0] dev_queue_xmit+0x4b/0x60 [ 840.850342][ C0] br_dev_queue_push_xmit+0x7f5/0x8b0 [ 840.850342][ C0] ? __skb_ext_del+0x33f/0x450 [ 840.850342][ C0] br_nf_dev_queue_xmit+0x693/0x1910 [ 840.850342][ C0] br_nf_post_routing+0x152e/0x17e0 [ 840.850342][ C0] ? br_nf_forward_finish+0x11a0/0x11a0 [ 840.850342][ C0] ? br_nf_forward_arp+0x1370/0x1370 [ 840.850342][ C0] nf_hook_slow+0x16e/0x400 [ 840.850342][ C0] br_forward_finish+0x24a/0x3f0 [ 840.850342][ C0] ? fdb_add_hw_addr+0x4f0/0x4f0 [ 840.850342][ C0] br_nf_forward_finish+0xf47/0x11a0 [ 840.850342][ C0] ? br_dev_queue_push_xmit+0x8b0/0x8b0 [ 840.850342][ C0] br_nf_forward_ip+0x1d4e/0x1f30 [ 840.850342][ C0] ? br_nf_pre_routing_finish+0x2470/0x2470 [ 840.850342][ C0] ? br_nf_pre_routing+0x1fd0/0x1fd0 [ 840.850342][ C0] nf_hook_slow+0x16e/0x400 [ 840.850342][ C0] __br_forward+0x75c/0xe30 [ 840.850342][ C0] ? br_dev_queue_push_xmit+0x8b0/0x8b0 [ 840.850342][ C0] br_flood+0xb0b/0xf90 [ 840.850342][ C0] br_handle_frame_finish+0x1a00/0x1bb0 [ 840.850342][ C0] ? brport_get_ownership+0xf0/0xf0 [ 840.850342][ C0] ? brport_get_ownership+0xf0/0xf0 [ 840.850342][ C0] br_nf_hook_thresh+0x4f7/0x680 [ 840.850342][ C0] ? brport_get_ownership+0xf0/0xf0 [ 840.850342][ C0] br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.850342][ C0] ? brport_get_ownership+0xf0/0xf0 [ 840.850342][ C0] br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.850342][ C0] ? br_nf_pre_routing_ipv6+0x7f0/0x7f0 [ 840.850342][ C0] br_nf_pre_routing+0xd0e/0x1fd0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? brnf_device_event+0x3c0/0x3c0 [ 840.850342][ C0] br_handle_frame+0xcd2/0x2050 [ 840.850342][ C0] ? brport_get_ownership+0xf0/0xf0 [ 840.850342][ C0] ? br_pass_frame_up+0x9c0/0x9c0 [ 840.850342][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 840.850342][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 840.850342][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850342][ C0] process_backlog+0x936/0x1410 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? ip_local_deliver_finish+0x350/0x350 [ 840.850342][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 840.850342][ C0] net_rx_action+0x786/0x1aa0 [ 840.850342][ C0] ? net_tx_action+0xc30/0xc30 [ 840.850342][ C0] __do_softirq+0x311/0x83d [ 840.850342][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 840.850342][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 840.850342][ C0] run_ksoftirqd+0x25/0x40 [ 840.850342][ C0] smpboot_thread_fn+0x493/0x980 [ 840.850342][ C0] kthread+0x4b5/0x4f0 [ 840.850342][ C0] ? cpu_report_death+0x180/0x180 [ 840.850342][ C0] ? kthread_blkcg+0xf0/0xf0 [ 840.850342][ C0] ret_from_fork+0x35/0x40 [ 840.850342][ C0] [ 840.850342][ C0] Uninit was created at: [ 840.850342][ C0] kmsan_save_stack_with_flags+0x3c/0x90 [ 840.850342][ C0] kmsan_alloc_page+0xb9/0x180 [ 840.850342][ C0] __alloc_pages_nodemask+0x5712/0x5e80 [ 840.850342][ C0] page_frag_alloc+0x3ae/0x910 [ 840.850342][ C0] __netdev_alloc_skb+0x703/0xbb0 [ 840.850342][ C0] batadv_iv_ogm_queue_add+0x10da/0x1900 [ 840.850342][ C0] batadv_iv_ogm_schedule+0xd4c/0x1430 [ 840.850342][ C0] batadv_iv_iface_enabled+0x37/0x40 [ 840.850342][ C0] batadv_hardif_enable_interface+0x1525/0x1890 [ 840.850342][ C0] batadv_softif_slave_add+0x198/0x260 [ 840.850342][ C0] do_setlink+0x1bd9/0x62e0 [ 840.850342][ C0] rtnl_newlink+0x2edd/0x3920 [ 840.850342][ C0] rtnetlink_rcv_msg+0x1153/0x1570 [ 840.850342][ C0] netlink_rcv_skb+0x451/0x650 [ 840.850342][ C0] rtnetlink_rcv+0x50/0x60 [ 840.850342][ C0] netlink_unicast+0xf9e/0x1100 [ 840.850342][ C0] netlink_sendmsg+0x1246/0x14d0 [ 840.850342][ C0] __sys_sendto+0xc1b/0xc50 [ 840.850342][ C0] __se_compat_sys_socketcall+0xede/0x1460 [ 840.850342][ C0] __ia32_compat_sys_socketcall+0x91/0xc0 [ 840.850342][ C0] do_fast_syscall_32+0x3c7/0x6e0 [ 840.850342][ C0] entry_SYSENTER_compat+0x68/0x77 [ 840.850342][ C0] ===================================================== [ 840.850342][ C0] Disabling lock debugging due to kernel taint [ 840.850342][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 840.850342][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.6.0-rc7-syzkaller #0 [ 840.850342][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.850342][ C0] Call Trace: [ 840.850342][ C0] dump_stack+0x1c9/0x220 [ 840.850342][ C0] panic+0x3d5/0xc3e [ 840.850342][ C0] kmsan_report+0x1df/0x1e0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] __msan_warning+0x58/0xa0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] kallsyms_lookup+0x148/0x8e0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] __sprint_symbol+0x140/0x590 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] sprint_symbol+0x7c/0x90 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] symbol_string+0x157/0x420 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] ? vsnprintf+0x30f7/0x31b0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850342][ C0] ? kmsan_internal_set_origin+0x75/0xb0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] pointer+0x1560/0x1e40 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] vsnprintf+0x1a2a/0x31b0 [ 840.850342][ C0] vscnprintf+0xc2/0x180 [ 840.850342][ C0] vprintk_store+0xef/0x11d0 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 840.850342][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] vprintk_emit+0x2c0/0x860 [ 840.850342][ C0] ? tick_nohz_tick_stopped+0x2f/0x60 [ 840.850342][ C0] vprintk_default+0x90/0xa0 [ 840.850342][ C0] vprintk_func+0x636/0x820 [ 840.850342][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 840.850342][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] printk+0x18b/0x1d3 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 840.850342][ C0] ? kmsan_internal_poison_shadow+0x66/0xd0 [ 840.850342][ C0] stack_trace_print+0x1b1/0x1f0 [ 840.850342][ C0] kmsan_print_origin+0x180/0x190 [ 840.850342][ C0] kmsan_internal_chain_origin+0x76/0x130 [ 840.850342][ C0] ? br_flood+0xb0b/0xf90 [ 840.850342][ C0] ? br_handle_frame_finish+0x1a00/0x1bb0 [ 840.850342][ C0] ? br_nf_hook_thresh+0x4f7/0x680 [ 840.850342][ C0] ? br_nf_pre_routing_finish_ipv6+0xe72/0x1000 [ 840.850342][ C0] ? br_nf_pre_routing_ipv6+0x6ad/0x7f0 [ 840.850342][ C0] ? br_nf_pre_routing+0xd0e/0x1fd0 [ 840.850342][ C0] ? br_handle_frame+0xcd2/0x2050 [ 840.850342][ C0] ? __netif_receive_skb_core+0x21de/0x5840 [ 840.850342][ C0] ? process_backlog+0x936/0x1410 [ 840.850342][ C0] ? net_rx_action+0x786/0x1aa0 [ 840.850342][ C0] ? __do_softirq+0x311/0x83d [ 840.850342][ C0] ? run_ksoftirqd+0x25/0x40 [ 840.850342][ C0] ? smpboot_thread_fn+0x493/0x980 [ 840.850342][ C0] ? kthread+0x4b5/0x4f0 [ 840.850342][ C0] ? ret_from_fork+ [ 840.850342][ C0] Lost 74 message(s)!