80a185613ff2f0b5c02374734ec8f48c30858687febb39782d4c4cd84429800abf8bf5ce55124c019a8a27de4787ab7872bd497e443548f6feba6124c82120c268ca23ae52512c0ef34bca7fb7bae04c149ad4f85160e7371414", 0xc1}, {&(0x7f0000000540)="535c9de2e19138037fa10fb17c9f3a822041f18541be9ebe808a70faa0ab09df7679d1aa92c9ed3ae57714c91c5cff3f2c3f7aaf02faa984370f93c995e4769377e892a1dc7f032839a69e9534a38f62470aed8acf002c5126561e371d513a9f33596271a9711ed7c05aa8841fc8ee668e0c5f5c3ea763bbcd899b26d7ba3668e088a902915a3e7e295eba7836b387e93946a305b2928c18c39426d51bdb25250e7f8f31ce1d", 0xa6}, {&(0x7f0000000600)="5e9a1b8a5138d69de81937826dad7ac6a9240f8cfc9bc059549c8b8ff8a6e21752fb0ad05d3c5321973235f91a93a558000c69c98024244fa4c5754c1c757f02bd74cbf86bd6886e0f9f16deee027d17c573e5e03c87e7e4bad3d6260e1b825b512be2b228030caa68eb360bba655c3b77c4f9a52c24242755d1828fb377ae71c8d2914e441c870b90e6ccfe84809dd9020fe04d1fa8bf527a9d0395501f58bfd25f21455a5fa25b6613cc2eae09b69b84dbdf980d24f34c406970eb69bfc1946be975ec81962c6141616f0a5ca32ef86a6279d4386ef01f980e2d4f6c68bc04fe", 0xe1}, {&(0x7f0000000700)="b363fd8e164cee599adc9c50131f8850eb5c58237b0236c37882f2a78ce135f035fdd290adddaf0808268d103696d4dc3c938d81fa3e33ada1b42b8abc0ff52bde130176891a83d895211fe32d87c6cbdc69089125be967b43f1760e22f76094b3a14d35d1c29c615713a33324604c518aa23051538f409c402df46ecd869759548b4fdb70eb585dad0cd6bcd47f772f8b6d2c8db527762cda1078a93c124e208474accf9fc78ecc0df8acf667c78cf2720c3da8cdf8b0f0add7d1c9e8f65baacdd662a09f8e38d78da17f40f7e77498ed01b2fff948f45e67b18857aa35587fd29045343dc6ab2f8a27404b05668a20f5600ca632ecf439f89788a50c337ed6d3789b2f9a471128f9f0a0cc98c7dc9a3746dbe521b7286d5cc21543efa8542be04da3621005d136f0caa949c6c4fe862bd5312cf31e872026dfe7e7b9bab69ccaa32299e1567ddb105c82b425e3e7af6247f48a208cabdd17144a7d9ea5be7a53c5a34e352a7129075cb40b34f8123bb9d8afccc40290ba466bf401cd40ea9d8a603f186a8b12ad49bbf39e92dc1293f514e4a477fc7a5104902329b8de4fd46cdf8fc4bfeb2090c07f6979b5a6dcce45a8c350951513ab418dfa6a6b33bff8c9fb7b4c47e4d69ff22aef973cced69831b4ba1c7376b446f310fdd16bd99a9c9cfaac1aea2f54afc4c4ec001ca3db85a3f7b79a06c0565ea63899081e96b5cf3c7d6b9c8cffea79b995718ab5ec819e7e93ca15cc9ddc614752b0732bb90d37f9daa242f8eee6d677135d9a1ece406250d39ae4cc81f13af6b15e15333bb07f1c5836738e6229e4c354d8514a328eee0bbac2baa80ea6e944cd6080fcdca49b135fd60ad60ee545b9b4645d9d26f6a9d6abe81e506ceeeaacfa0341ec69e848398c685caa740a98e0d37c2b97a11c273117e13a569e38b3627545b0ae8707f1a6f68b6ebefbd40f72237350b17eaa2b3e7471b48256666482368d8b70153b8f6f92de941231766bbee5c01fcab7844a9af94ccfdc888017cce798bc1dd4282b2480902b07ccd36252cacdd150e3092509c9876142615b2ec03c6d29136ac460f94fc65762948c6357532f00d0aa8827dc792539943def97508a5e5a8011974e74e0336aa304756903c792a75a9f52fb38acd99b8aed4c4e88ff6a08d0774d13f29508d8ab77b17b6236fd637bbd5ca6df29fe695f829b217b4bfae585c9096266a6ea5d01ba379fdae599f848d876dce2ef45f8c2fe7c4208cff75406f251d6f77a0ef92422a3deb45543ca05eaf0141d6bb95b7b31943178c8ba35e54d3ee7ca53b1c291d47a4910e4296b93953769399a80acfb6ad8ec23bca111f66ff8fdf1e2c2a7dff47f6ec03742c1838351f4671f5fa296a3ebbcd6b3e68e60b5540eaada11b75bee36cad2c0862b9930671d4009240827811ed8f276f485b0a0b87505988e474c62f21bad29b622d0ef380908bda05c6c7540cef052bd9a3390a3522357c66d1e6bdce1c240229b2957a9c8032efda6e0584b697a0198fe81f43ceff5e5c6c3cadf9d1112750086abacfcf10aaa300e9801d657b4fb3f1bf9318c98244bc58b6849fc55b7edd6afd2066787f531bcb7fbdd1c7ef18a58c5b2551070b684313ee6a8d5f356666a16224754a1aa925eda7b155d9990126a7705b66a0d6d54de48bea415578650190568733c4aa28d0d5ad138bebe167065264738304bc90fa556bbe1af92a0881a3e38ed19cfa8d9001313cdde2b68c4782e2b6ccc8b81cf7c0916a03bcc8f52de7e307cdc86268c14685593a2983f187134b3a0210e14cb77e303fc9190fb66c7a5045accf7e9764d109db3c774523bb526380b7ea89ce651b28ee3e1ffb3b1718851b8da3d4b6f27a2f69e82a9c95bfc3f705183ce49945a0472b4bb9e3347d2e9e28b1a46b87d460824250e5d4e7f9f13f1700cf640d10292a324652dabe3fc0fc6825969124a8559c857e14ce0164857c06955db67289b60bc70471f458432b3650550491c901fbc2b33f75ef3c16e3b8d705a4737b36a0a512c91bfd08d75e635625d4a366cbd3dcb5ac691a380369fce71d5a2f18cea0f1408d898a3b069adfebe14123a0e0767543724b86297dc203089c31149b7d32435b6ac9281ac8f7e191c81eaf63b2bf73babd2b4954a88c4cc6f64a6d9d84ea63cd0dcb27d698405caea0a5aa99478734ddce8b54d9c78be15fc57bdd9ab1d2c041d2188ab94fd38aa8a00e5c7fb89e8557aa0b8b39a40d23da6c784185d2682912c69556a4f869670d86fc3d76d9c8186908cae1528cc828a9b001fdf46c4936b1741bb8704a26f032a7915b3e02d6f07e3f35680687d30a069d47cc1d9b7a3c5a538a38d02b271af6a31590a65cf7cb907d9c120de83b4a8a2f4462ee353ea9bc94409d4f4471ae78a6165f167c1020b278445bb0fa86e18c1fb8196fcf72587c7af7d7f7a3008a635f9cbd3ad44e5ec3087ca23fc761c030f2eca976c4cee102a2b7a1fccaeff67852b6ea3a8914f3a92503ca4ec239535832aee3ed583e99c50035804ae4ff13708b90634e73220defb8ef323e28fcc3dfb36d36a4eeb3354fd6e893e67dbb0ab2ecc0097dabe31fae2498a4d24c229a5761581b54405a08991462f0b9119704e192cee112dc57c1634c5a96edb83393691e6838f4f50a07e18218814dcced0dc5692e9962d576247328b93f73c2bda7a81d215fb0593bc52e9e2a707f2f0cfe97aa71febe87bae42474f02fe8a4222c232397aed646a423074a50d08f3c86540c2e8adc375ec7810a92792887308398bf381a237f3f9652770552f28b81f6ef0712b0dcb1b55c07c68148f94c7d2f071fc1061f36f0e00563450cd4e56afdb2253584b5ab628772107881e3b8e073b70c2cc63210db2e37ccb5220c919d358f792ce615bfc134f4462e2a7d83b4e1d630daaaa921ef64628b69332a38d8f8e8a510e71e172b5406b78b5d0211a880c3a6f3f16b76bfff4e8a675ca36dca2db4527600cbde13b404c5b45dc7a9456e5dfb3c006c660d3024cf3e74213f2e04e2440ec901807c29d7c67ce6f248c9be3cd34146b95b4595c7f69bb3627f475d5647b679a1185ede936f2a1954148c42d76b0ffbf7d126b0ddaac9db9518420b2fa32f510e88ae6f0d3bd22bb36d575520140e2c8f48809588f5165ae972ae30b6304083582656201481ac6d698a6e9bfd8c5edece683bf1a65b50ba1924638815ba3551bc6c3ebc70830f671abd20b587e1799872eaea0c34165105c1383a8efc6d128becae310be0b01100d2f7188eb1af213645d52219a16f3e061220943f4535cd97e58d604e377b080b72e19a9929eb81ca5dd2d60c56a96f2d59dcf1aef9265dde2be49bb398638e219b65a71d75f70169fe140cbd8904fb34a8bca858dee99b9f4edf980b2fddbe60a25a3be1e495a1457de033b169beaf00cd7003c46129935ac4654e6543fc8f3085aea1d1b4c79fd1cde1626767a7d22ac275bb81347a29e10ed438e8241a0560b95d5bd5644e1b58560392a6509f445369704a552a9932a79f54cea508b1be45ceac2055e8c361a043a1621b5eb2bc1cec88875d23a7fe5d8d462310162b5b8092bd568fbb4941d438030051c3bae3dfe6473384b1b66c45dfc1b27b06d68f899d01bbc33e247735fb1c448372f603039c64fe0795c4500df7fb2129e022a837428f4f9b4f064becdee66d75b17c87dcf0ddef5cce6f604775c05a582ccf2b52d63a40b8ab25ec8fff0712c3704d858ab3389b2696a2dd1719bf58f0f3b72f68c85d9e8e99b98444c13e340a969910d8a98b432486f57cbf5c99443a68e51bb12275f0d76b652b0ec174548cefab49229e4fdc66342ad86bafe1a5672d2c0599d407d4098c607a96570c045db7529e369fe7623e1973071cd8c22d7a7ccd7646ac332e77387bdffbf2e4fa869ba46520c515f9869d9f4d02b8a28ff57a78cc103168cb6ec83393f62eb406f0cae006e098e4b87632da9a506cd6621d8d95e6974d4dac6398bfd2fb9e50673b702d31690c4b3261f38eb7cf6c414c69152f537c8dfaf0fb93e4931e6623fcd78540ecb16bb60755557467f8490da2edf8b0d3929a1183673e3807e3325fdc9e6e7dd4fc8b10c93d15cda1d93e30030373815e6881dbb74cd5b7e912ec3bd8fa6021bd31895c9cd3b4674179d2218c7b759ea483ca44247d0018cfda9232a59ad3c812658e1414f9fdc94346e36d27ecf06ddce498456d525d3584c68fbc9f2e7c1860be467c60b2e327ffc965ef17343b65b34080dbc946d3cab8750d0c7397291bde33b6aff79fa0dbc6a451414a3e832ad4eacf76f7ae5e3d611af41b09f7ad4ca39e85ecf9ffd8f224a2ca579c2b1ad040b04de4ba1cc45e32e053ff8cc2acd1f9500787a2d6fccb6772405cf57fed2e6300053c911b35553f0b70ce5c9b1bc14c4ff5155814938232206499440302d0c18f7eb245b2aea7589ffb495f6698dc90c9e9dd96451daa7dd7a4e4dae374fe0761fe46d407619d03ace582b385f98694facd7fe34d1135c5d11e1d65c92d08690fc0d8f7dbe9f04410504fa73df7fd7b9561b9a0e2dc7050359afc8ac26a0f2af89fdedcb02fea59325e0620a83a75e8901d336bf3f52a4c9e85d8bd82d59b81291bd4fb0a7c777cb107a9f9bdcd5c4e6ccbd3f0504c507a151e4136ec8c34dcf0a9b77762f4cbda9818b5de29e9dc5d732aabdd2bd9369900fca9823713b2d677a669f6866053887bbedeb5437da906d097a022d39fcb6b0bb2816a098023189583360edb42dcc76a574ae39114424f38160ec33eba7267e7bdf0c3d713e7e17db8c0741048378850d47b9a1ee309c16a642738789d38f7c5766d56ed0c8f63de1796313ef4f0a61c380c205b00a65713bd20a8d786296c6fee31ebd8a55cf322e5ce6b7721b4442c050af4eb0a19c9c4c5c83e5d5051f88d2df32d9feecb9015b6f510df1ae4539295678af9404efbb609591bf28dc1b387625109943998ee6a6bd48041bbde4d28da5ed31da492dd1a85a8b8bf61cdf14ee284156f4c61e008a0e040f0690c2b1c57c3ec1aa49e9a5b04ceb1752c3812cdf540a2ce87b6b0e5b897fe2a615e0d28cd8bd7fe4f74612cf4171ce9be502cee6ad602f0b930e987ac60e6f69e58407818361893255e56df358ac5afa7197128ab917966cbf92d1eaf0dbd117c1b9d6c02c7e87123c776676ab2c05d027cea42a87096a4ef33ca0f4f2e43fcc6c0295bb5032003bef5df7b55ba7d3dfa6c62e6693d8c0d8973b66c405e4bee3cc534ed3e4add07a9e19ce8384de30f0953d4b8c5491df7cbdb9938770b8adcf4b8e1e3d67d69c66c7f9589e35d3a3e8998bbf877605affe757b0e9fced507d8f816ea91a25d6f32ade83abda5f11917771af5b46402800261da29de38d74a2bfa5de518e89c20d6cc80741b251c32d60c941c608d2865619df972a29e18ed15f757a60c415f8ed446046ce29248be354adfc82f17b0ebd99d0ad8cf1ff1199512b1124985483c04cf7adb55bacb13347187d6eb95f1294c7f24f0086bcedca6b81a199de79bb5333197c57ba7c398648052c8a1584ff0c240a3f2cd1514920a09ae899115dc4145de61461bf71f1e3b831dbebdd2f0ca026c78b62a16485c00ac1c6ca215cce905fd8abdc7b038cf660a4acf2de0221f0ef8b6f55b8bc6e3b4681b4b9245f5801019d35fd6fbf841815ec7e68512d6a6645d04dad10248c3f2f2fa4f40497bb5ba63e6b6e1aa5b4e6a6fbf15cdaf60e8c501df1797a45d64345bbada46", 0x1000}, {&(0x7f0000001700)="219ffd2686611dad4f4a8330c44ac29a0d90cddbe36d330ee01b46bd72d83dbd6951585a08335d40ca3030cecb1ddba327622cab2a2a96637b1a1d6d6e1d488b35066eb3325baae83575279f3b8bdc3d0322cf05e95ac9d2a4f7224c522a579c723524d53cf382219f27e4f96ea71484319f40f24efa8a69ae4453dea05ed834e7095272333fe3af780dd79536f244e7d55477dc0c2a678803c08a9e411e5b2320e8da6c0ed77043cd97bea626baab39a898", 0xb2}], 0x5, &(0x7f00000018c0)=[@rights={{0x1c, 0x1, 0x1, [r3, r0, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, r0, r3]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5, r1, r0, r0, r6, r8]}}], 0xa0, 0xc000}, 0x40000) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r9 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup(r10) getsockname$packet(r11, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001500120000000000000000000a780000", @ANYRES32=r12, @ANYBLOB="14000100fc0200000000000000caf84438000000"], 0x2c}}, 0x0) 05:26:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:26:56 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 474.594296][T12867] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 474.677931][T12877] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:26:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:26:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:26:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x28a100, 0x0) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="b60000001500010000000000000000000a781000", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:26:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 475.064450][T12881] not chained 180000 origins [ 475.069086][T12881] CPU: 0 PID: 12881 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 475.077764][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.087835][T12881] Call Trace: [ 475.091139][T12881] dump_stack+0x1df/0x240 [ 475.095485][T12881] kmsan_internal_chain_origin+0x6f/0x130 [ 475.101220][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 475.106358][T12881] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 475.112262][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 475.117543][T12881] ? kmsan_get_metadata+0x11d/0x180 [ 475.122887][T12881] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 475.128742][T12881] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 475.134807][T12881] ? kfree+0x61/0x30f0 [ 475.138867][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 475.143964][T12881] ? kmsan_set_origin_checked+0x95/0xf0 [ 475.149500][T12881] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 475.155560][T12881] ? _copy_from_user+0x15b/0x260 [ 475.160482][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 475.165580][T12881] __msan_chain_origin+0x50/0x90 [ 475.170516][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.175128][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 475.180401][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 475.185418][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 475.190437][T12881] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 475.196319][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.201259][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.206099][T12881] do_syscall_64+0xb0/0x150 [ 475.210591][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.216468][T12881] RIP: 0033:0x45c1d9 [ 475.220340][T12881] Code: Bad RIP value. [ 475.224390][T12881] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 475.232784][T12881] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 475.240737][T12881] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 475.248698][T12881] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 475.256653][T12881] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 475.264611][T12881] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 475.272575][T12881] Uninit was stored to memory at: [ 475.277588][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.283291][T12881] __msan_chain_origin+0x50/0x90 [ 475.288215][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.292814][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.297736][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.302572][T12881] do_syscall_64+0xb0/0x150 [ 475.307058][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.312927][T12881] [ 475.315240][T12881] Uninit was stored to memory at: [ 475.320256][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.325955][T12881] __msan_chain_origin+0x50/0x90 [ 475.330876][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.335449][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.340372][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.345207][T12881] do_syscall_64+0xb0/0x150 [ 475.349726][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.355619][T12881] [ 475.358106][T12881] Uninit was stored to memory at: [ 475.363118][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.368995][T12881] __msan_chain_origin+0x50/0x90 [ 475.373941][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.378702][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.383630][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.388473][T12881] do_syscall_64+0xb0/0x150 [ 475.392969][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.398848][T12881] [ 475.401170][T12881] Uninit was stored to memory at: [ 475.406188][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.411898][T12881] __msan_chain_origin+0x50/0x90 [ 475.416824][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.421489][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.426429][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.431269][T12881] do_syscall_64+0xb0/0x150 [ 475.435763][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.441732][T12881] [ 475.444055][T12881] Uninit was stored to memory at: [ 475.449154][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.454858][T12881] __msan_chain_origin+0x50/0x90 [ 475.459787][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.464368][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.469295][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.474144][T12881] do_syscall_64+0xb0/0x150 [ 475.478634][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.484502][T12881] [ 475.486812][T12881] Uninit was stored to memory at: [ 475.491825][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.497542][T12881] __msan_chain_origin+0x50/0x90 [ 475.502656][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.507241][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.512181][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.517018][T12881] do_syscall_64+0xb0/0x150 [ 475.521511][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.527382][T12881] [ 475.529701][T12881] Uninit was stored to memory at: [ 475.534711][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 475.540413][T12881] __msan_chain_origin+0x50/0x90 [ 475.545338][T12881] do_recvmmsg+0x105a/0x1ee0 [ 475.549912][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 475.554835][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 475.559678][T12881] do_syscall_64+0xb0/0x150 [ 475.564168][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 475.570037][T12881] [ 475.572347][T12881] Local variable ----msg_sys@do_recvmmsg created at: [ 475.579010][T12881] do_recvmmsg+0xc5/0x1ee0 [ 475.583429][T12881] do_recvmmsg+0xc5/0x1ee0 05:26:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 475.816225][T12895] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:26:58 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r6, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r6) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000180)={&(0x7f0000000040)=[0x81d0, 0x1], 0x2, 0x80000001, 0x100, 0xffff, 0x5, 0x7a85, 0x2, {0x5, 0x84, 0x1000, 0x8, 0xff, 0xff, 0xf6, 0x4, 0x7, 0x5, 0x3, 0x8000, 0x4, 0x6, "5fdb35f7195c3b1eb8f7453b405324b46d8e62af9a0e895dca2ed68c78d5565d"}}) [ 475.884346][T12900] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 476.249971][T12881] not chained 190000 origins [ 476.254614][T12881] CPU: 1 PID: 12881 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 476.263546][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.273697][T12881] Call Trace: [ 476.277004][T12881] dump_stack+0x1df/0x240 [ 476.281351][T12881] kmsan_internal_chain_origin+0x6f/0x130 [ 476.287188][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 476.292308][T12881] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 476.298267][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 476.303564][T12881] ? kmsan_get_metadata+0x11d/0x180 [ 476.308770][T12881] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 476.314593][T12881] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 476.320671][T12881] ? kfree+0x61/0x30f0 [ 476.324756][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 476.329877][T12881] ? kmsan_set_origin_checked+0x95/0xf0 [ 476.335434][T12881] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 476.341514][T12881] ? _copy_from_user+0x15b/0x260 [ 476.346459][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 476.351581][T12881] __msan_chain_origin+0x50/0x90 [ 476.356530][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.361167][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 476.366474][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 476.371516][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 476.376561][T12881] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 476.382555][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.387688][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.392672][T12881] do_syscall_64+0xb0/0x150 [ 476.397224][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.403121][T12881] RIP: 0033:0x45c1d9 [ 476.407009][T12881] Code: Bad RIP value. [ 476.411073][T12881] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 476.419489][T12881] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 476.427554][T12881] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 476.435533][T12881] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 476.443511][T12881] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 476.451487][T12881] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 476.459480][T12881] Uninit was stored to memory at: [ 476.464516][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.470679][T12881] __msan_chain_origin+0x50/0x90 [ 476.475628][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.480232][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.485182][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.490040][T12881] do_syscall_64+0xb0/0x150 [ 476.494555][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.500440][T12881] [ 476.502764][T12881] Uninit was stored to memory at: [ 476.507800][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.512036][T12861] not chained 200000 origins [ 476.513533][T12881] __msan_chain_origin+0x50/0x90 [ 476.518106][T12861] CPU: 0 PID: 12861 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 476.523022][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.531668][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.536240][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.546280][T12861] Call Trace: [ 476.551218][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.554477][T12861] dump_stack+0x1df/0x240 [ 476.559304][T12881] do_syscall_64+0xb0/0x150 [ 476.563608][T12861] kmsan_internal_chain_origin+0x6f/0x130 [ 476.568089][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.573791][T12861] ? kmsan_get_metadata+0x4f/0x180 [ 476.579736][T12881] [ 476.584832][T12861] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 476.587140][T12881] Uninit was stored to memory at: [ 476.593029][T12861] ? __msan_poison_alloca+0xf0/0x120 [ 476.598039][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.603305][T12861] ? kmsan_get_metadata+0x11d/0x180 [ 476.608999][T12881] __msan_chain_origin+0x50/0x90 [ 476.614240][T12861] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 476.619154][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.624932][T12861] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 476.629494][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.635537][T12861] ? kfree+0x61/0x30f0 [ 476.640450][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.644511][T12861] ? kmsan_get_metadata+0x4f/0x180 [ 476.649337][T12881] do_syscall_64+0xb0/0x150 [ 476.654421][T12861] ? kmsan_set_origin_checked+0x95/0xf0 [ 476.658901][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.664419][T12861] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 476.670287][T12881] [ 476.676361][T12861] ? _copy_from_user+0x15b/0x260 [ 476.678657][T12881] Uninit was stored to memory at: [ 476.683664][T12861] ? kmsan_get_metadata+0x4f/0x180 [ 476.688749][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.693835][T12861] __msan_chain_origin+0x50/0x90 [ 476.702483][T12881] __msan_chain_origin+0x50/0x90 [ 476.707397][T12861] do_recvmmsg+0x105a/0x1ee0 [ 476.712308][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.716901][T12861] ? __msan_poison_alloca+0xf0/0x120 [ 476.721442][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.726799][T12861] ? __se_sys_recvmmsg+0xac/0x350 [ 476.731717][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.736707][T12861] ? __se_sys_recvmmsg+0xac/0x350 [ 476.742066][T12881] do_syscall_64+0xb0/0x150 [ 476.747062][T12861] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 476.751550][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.757413][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 476.763277][T12881] [ 476.768749][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 476.771044][T12881] Uninit was stored to memory at: [ 476.775881][T12861] do_syscall_64+0xb0/0x150 [ 476.780879][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.785360][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.791136][T12881] __msan_chain_origin+0x50/0x90 [ 476.797018][T12861] RIP: 0033:0x45c1d9 [ 476.801941][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.805798][T12861] Code: Bad RIP value. [ 476.810373][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.814406][T12861] RSP: 002b:00007fd04b9a7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 476.819325][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.827704][T12861] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 476.832537][T12881] do_syscall_64+0xb0/0x150 [ 476.840477][T12861] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 476.845047][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.852998][T12861] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 476.858857][T12881] [ 476.866809][T12861] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 476.869111][T12881] Uninit was stored to memory at: [ 476.877065][T12861] R13: 0000000000c9fb6f R14: 00007fd04b9a89c0 R15: 000000000078bf0c [ 476.882069][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.890099][T12861] Uninit was stored to memory at: [ 476.895883][T12881] __msan_chain_origin+0x50/0x90 [ 476.900893][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 476.905824][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.911510][T12861] __msan_chain_origin+0x50/0x90 [ 476.916075][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 476.920986][T12861] do_recvmmsg+0x105a/0x1ee0 [ 476.925914][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 476.930483][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 476.935313][T12881] do_syscall_64+0xb0/0x150 [ 476.940221][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 476.944720][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.949547][T12861] do_syscall_64+0xb0/0x150 [ 476.955403][T12881] [ 476.959893][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.962187][T12881] Uninit was stored to memory at: [ 476.968048][T12861] [ 476.973053][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 476.975349][T12861] Uninit was stored to memory at: [ 476.981047][T12881] __msan_chain_origin+0x50/0x90 [ 476.986046][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 476.990960][T12881] do_recvmmsg+0x105a/0x1ee0 [ 476.996652][T12861] __msan_chain_origin+0x50/0x90 [ 477.001217][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 477.006128][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.011040][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 477.015604][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.020445][T12881] do_syscall_64+0xb0/0x150 [ 477.025355][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.029834][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.034655][T12861] do_syscall_64+0xb0/0x150 [ 477.040509][T12881] [ 477.045011][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.047307][T12881] Local variable ----msg_sys@do_recvmmsg created at: [ 477.053168][T12861] [ 477.059879][T12881] do_recvmmsg+0xc5/0x1ee0 [ 477.062176][T12861] Uninit was stored to memory at: [ 477.066574][T12881] do_recvmmsg+0xc5/0x1ee0 [ 477.071589][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 477.081678][T12861] __msan_chain_origin+0x50/0x90 [ 477.086627][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.091224][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.096171][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.101032][T12861] do_syscall_64+0xb0/0x150 [ 477.105546][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.111609][T12861] [ 477.113939][T12861] Uninit was stored to memory at: [ 477.118983][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 477.124715][T12861] __msan_chain_origin+0x50/0x90 [ 477.129665][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.134281][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.139229][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.144092][T12861] do_syscall_64+0xb0/0x150 [ 477.148608][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.154498][T12861] [ 477.156831][T12861] Uninit was stored to memory at: [ 477.161871][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 477.167602][T12861] __msan_chain_origin+0x50/0x90 [ 477.172573][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.177176][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.182140][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.187010][T12861] do_syscall_64+0xb0/0x150 [ 477.191526][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.197629][T12861] [ 477.199960][T12861] Uninit was stored to memory at: [ 477.205003][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 477.210741][T12861] __msan_chain_origin+0x50/0x90 [ 477.215715][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.220776][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.225754][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.230620][T12861] do_syscall_64+0xb0/0x150 [ 477.235227][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.241120][T12861] [ 477.243446][T12861] Uninit was stored to memory at: [ 477.248484][T12861] kmsan_internal_chain_origin+0xad/0x130 [ 477.254245][T12861] __msan_chain_origin+0x50/0x90 [ 477.259712][T12861] do_recvmmsg+0x105a/0x1ee0 [ 477.264432][T12861] __se_sys_recvmmsg+0x1d1/0x350 [ 477.269654][T12861] __x64_sys_recvmmsg+0x62/0x80 [ 477.274690][T12861] do_syscall_64+0xb0/0x150 [ 477.279219][T12861] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 477.285111][T12861] [ 477.287468][T12861] Local variable ----msg_sys@do_recvmmsg created at: [ 477.294163][T12861] do_recvmmsg+0xc5/0x1ee0 [ 477.298591][T12861] do_recvmmsg+0xc5/0x1ee0 [ 478.486872][T12881] not chained 210000 origins [ 478.491699][T12881] CPU: 0 PID: 12881 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 478.501642][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.512883][T12881] Call Trace: [ 478.516291][T12881] dump_stack+0x1df/0x240 [ 478.521178][T12881] kmsan_internal_chain_origin+0x6f/0x130 [ 478.527114][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 478.533056][T12881] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 478.539164][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 478.545400][T12881] ? kmsan_get_metadata+0x11d/0x180 [ 478.551278][T12881] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 478.557575][T12881] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 478.566589][T12881] ? kfree+0x61/0x30f0 [ 478.570980][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 478.576909][T12881] ? kmsan_set_origin_checked+0x95/0xf0 [ 478.591597][T12881] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 478.598456][T12881] ? _copy_from_user+0x15b/0x260 [ 478.603417][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 478.608633][T12881] __msan_chain_origin+0x50/0x90 [ 478.613594][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.629500][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 478.634955][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 478.640363][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 478.645581][T12881] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 478.651839][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.657147][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.663138][T12881] do_syscall_64+0xb0/0x150 [ 478.667778][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.674225][T12881] RIP: 0033:0x45c1d9 [ 478.678125][T12881] Code: Bad RIP value. [ 478.682281][T12881] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 478.691316][T12881] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 478.699515][T12881] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 478.707514][T12881] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 478.715672][T12881] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 478.724099][T12881] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 478.732318][T12881] Uninit was stored to memory at: [ 478.737531][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.743350][T12881] __msan_chain_origin+0x50/0x90 [ 478.748819][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.753622][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.758661][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.763889][T12881] do_syscall_64+0xb0/0x150 [ 478.768664][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.774560][T12881] [ 478.776901][T12881] Uninit was stored to memory at: [ 478.782550][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.788620][T12881] __msan_chain_origin+0x50/0x90 [ 478.794595][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.799634][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.804590][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.809543][T12881] do_syscall_64+0xb0/0x150 [ 478.814188][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.820079][T12881] [ 478.822407][T12881] Uninit was stored to memory at: [ 478.828388][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.834256][T12881] __msan_chain_origin+0x50/0x90 [ 478.839291][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.844160][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.849284][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.854157][T12881] do_syscall_64+0xb0/0x150 [ 478.858675][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.865099][T12881] [ 478.867436][T12881] Uninit was stored to memory at: [ 478.872604][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.878668][T12881] __msan_chain_origin+0x50/0x90 [ 478.884068][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.888829][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.893795][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.898656][T12881] do_syscall_64+0xb0/0x150 [ 478.904415][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.910393][T12881] [ 478.912757][T12881] Uninit was stored to memory at: [ 478.917885][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.924603][T12881] __msan_chain_origin+0x50/0x90 [ 478.929547][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.934245][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.939186][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.944201][T12881] do_syscall_64+0xb0/0x150 [ 478.949343][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.956195][T12881] [ 478.958612][T12881] Uninit was stored to memory at: [ 478.963914][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 478.970176][T12881] __msan_chain_origin+0x50/0x90 [ 478.975905][T12881] do_recvmmsg+0x105a/0x1ee0 [ 478.980496][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 478.985442][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 478.990385][T12881] do_syscall_64+0xb0/0x150 [ 478.994901][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.000831][T12881] [ 479.003158][T12881] Uninit was stored to memory at: [ 479.009357][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.015322][T12881] __msan_chain_origin+0x50/0x90 [ 479.020697][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.025548][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.030663][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.035753][T12881] do_syscall_64+0xb0/0x150 [ 479.040350][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.046442][T12881] [ 479.048868][T12881] Local variable ----msg_sys@do_recvmmsg created at: [ 479.055648][T12881] do_recvmmsg+0xc5/0x1ee0 [ 479.060448][T12881] do_recvmmsg+0xc5/0x1ee0 [ 479.368720][T12881] not chained 220000 origins [ 479.373579][T12881] CPU: 1 PID: 12881 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 479.382908][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.394528][T12881] Call Trace: [ 479.397853][T12881] dump_stack+0x1df/0x240 [ 479.402217][T12881] kmsan_internal_chain_origin+0x6f/0x130 [ 479.408851][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 479.414177][T12881] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 479.420091][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 479.425830][T12881] ? kmsan_get_metadata+0x11d/0x180 [ 479.431367][T12881] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 479.437216][T12881] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 479.443403][T12881] ? kfree+0x61/0x30f0 [ 479.447491][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 479.452971][T12881] ? kmsan_set_origin_checked+0x95/0xf0 [ 479.458722][T12881] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 479.464826][T12881] ? _copy_from_user+0x15b/0x260 [ 479.469829][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 479.475227][T12881] __msan_chain_origin+0x50/0x90 [ 479.481688][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.486910][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 479.492400][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 479.497784][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 479.503845][T12881] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 479.510042][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.516091][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.521436][T12881] do_syscall_64+0xb0/0x150 [ 479.526791][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.533282][T12881] RIP: 0033:0x45c1d9 [ 479.537471][T12881] Code: Bad RIP value. [ 479.542213][T12881] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 479.551170][T12881] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 479.563404][T12881] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 479.571913][T12881] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 479.580599][T12881] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 479.588849][T12881] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 479.597340][T12881] Uninit was stored to memory at: [ 479.602606][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.608436][T12881] __msan_chain_origin+0x50/0x90 [ 479.613478][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.618165][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.623134][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.628013][T12881] do_syscall_64+0xb0/0x150 [ 479.632537][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.638688][T12881] [ 479.641020][T12881] Uninit was stored to memory at: [ 479.646059][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.652026][T12881] __msan_chain_origin+0x50/0x90 [ 479.657071][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.662067][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.667029][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.671990][T12881] do_syscall_64+0xb0/0x150 [ 479.676617][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.683537][T12881] [ 479.685873][T12881] Uninit was stored to memory at: [ 479.690916][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.696651][T12881] __msan_chain_origin+0x50/0x90 [ 479.701776][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.706533][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.711503][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.716553][T12881] do_syscall_64+0xb0/0x150 [ 479.721072][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.726964][T12881] [ 479.729292][T12881] Uninit was stored to memory at: [ 479.734694][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.740525][T12881] __msan_chain_origin+0x50/0x90 [ 479.746258][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.750990][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.756564][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.761654][T12881] do_syscall_64+0xb0/0x150 [ 479.766530][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.772509][T12881] [ 479.774862][T12881] Uninit was stored to memory at: [ 479.779994][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.786135][T12881] __msan_chain_origin+0x50/0x90 [ 479.791449][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.796160][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.801293][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.806176][T12881] do_syscall_64+0xb0/0x150 [ 479.810986][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.816898][T12881] [ 479.819258][T12881] Uninit was stored to memory at: [ 479.824522][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.830365][T12881] __msan_chain_origin+0x50/0x90 [ 479.835395][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.840010][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.845101][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.850227][T12881] do_syscall_64+0xb0/0x150 [ 479.854756][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.860948][T12881] [ 479.863624][T12881] Uninit was stored to memory at: [ 479.868792][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 479.875051][T12881] __msan_chain_origin+0x50/0x90 [ 479.879998][T12881] do_recvmmsg+0x105a/0x1ee0 [ 479.884981][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 479.890211][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 479.895122][T12881] do_syscall_64+0xb0/0x150 [ 479.899639][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.905845][T12881] [ 479.908268][T12881] Local variable ----msg_sys@do_recvmmsg created at: [ 479.915058][T12881] do_recvmmsg+0xc5/0x1ee0 [ 479.919730][T12881] do_recvmmsg+0xc5/0x1ee0 [ 480.054565][T12881] not chained 230000 origins [ 480.060512][T12881] CPU: 1 PID: 12881 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 480.069951][T12881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.080539][T12881] Call Trace: [ 480.084346][T12881] dump_stack+0x1df/0x240 [ 480.088961][T12881] kmsan_internal_chain_origin+0x6f/0x130 [ 480.099192][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 480.104472][T12881] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 480.110394][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 480.116053][T12881] ? kmsan_get_metadata+0x11d/0x180 [ 480.121448][T12881] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 480.127268][T12881] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 480.133524][T12881] ? kfree+0x61/0x30f0 [ 480.137616][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 480.142761][T12881] ? kmsan_set_origin_checked+0x95/0xf0 [ 480.148347][T12881] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 480.154732][T12881] ? _copy_from_user+0x15b/0x260 [ 480.160066][T12881] ? kmsan_get_metadata+0x4f/0x180 [ 480.165454][T12881] __msan_chain_origin+0x50/0x90 [ 480.170524][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.176054][T12881] ? __msan_poison_alloca+0xf0/0x120 [ 480.181445][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 480.186860][T12881] ? __se_sys_recvmmsg+0xac/0x350 [ 480.192242][T12881] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 480.198425][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.203569][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.208895][T12881] do_syscall_64+0xb0/0x150 [ 480.213512][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.219517][T12881] RIP: 0033:0x45c1d9 [ 480.223412][T12881] Code: Bad RIP value. [ 480.227568][T12881] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 480.236248][T12881] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 480.244231][T12881] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 480.252361][T12881] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 480.260618][T12881] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 480.268695][T12881] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 480.277132][T12881] Uninit was stored to memory at: [ 480.282178][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.288081][T12881] __msan_chain_origin+0x50/0x90 [ 480.293327][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.297930][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.302877][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.307952][T12881] do_syscall_64+0xb0/0x150 [ 480.312562][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.318453][T12881] [ 480.320788][T12881] Uninit was stored to memory at: [ 480.325830][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.331654][T12881] __msan_chain_origin+0x50/0x90 [ 480.336605][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.341301][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.346447][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.352098][T12881] do_syscall_64+0xb0/0x150 [ 480.356820][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.362866][T12881] [ 480.365298][T12881] Uninit was stored to memory at: [ 480.370506][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.376597][T12881] __msan_chain_origin+0x50/0x90 [ 480.381627][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.386576][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.391706][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.396742][T12881] do_syscall_64+0xb0/0x150 [ 480.401285][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.407174][T12881] [ 480.409597][T12881] Uninit was stored to memory at: [ 480.415079][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.420823][T12881] __msan_chain_origin+0x50/0x90 [ 480.425806][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.430619][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.435812][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.441030][T12881] do_syscall_64+0xb0/0x150 [ 480.445664][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.451640][T12881] [ 480.453975][T12881] Uninit was stored to memory at: [ 480.459452][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.465359][T12881] __msan_chain_origin+0x50/0x90 [ 480.470396][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.475352][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.481455][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.486357][T12881] do_syscall_64+0xb0/0x150 [ 480.491238][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.497873][T12881] [ 480.500307][T12881] Uninit was stored to memory at: [ 480.505349][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.511080][T12881] __msan_chain_origin+0x50/0x90 [ 480.516122][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.520733][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.525937][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.530895][T12881] do_syscall_64+0xb0/0x150 [ 480.536026][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.542702][T12881] [ 480.545124][T12881] Uninit was stored to memory at: [ 480.550350][T12881] kmsan_internal_chain_origin+0xad/0x130 [ 480.556727][T12881] __msan_chain_origin+0x50/0x90 [ 480.564162][T12881] do_recvmmsg+0x105a/0x1ee0 [ 480.568959][T12881] __se_sys_recvmmsg+0x1d1/0x350 [ 480.574133][T12881] __x64_sys_recvmmsg+0x62/0x80 [ 480.579100][T12881] do_syscall_64+0xb0/0x150 [ 480.583885][T12881] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 480.589871][T12881] [ 480.592309][T12881] Local variable ----msg_sys@do_recvmmsg created at: [ 480.599264][T12881] do_recvmmsg+0xc5/0x1ee0 [ 480.604050][T12881] do_recvmmsg+0xc5/0x1ee0 05:27:02 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:02 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8982, &(0x7f0000000040)={0x7, 'veth0_to_hsr\x00', {0x9}, 0xfdd}) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:02 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 480.919343][T12931] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 481.007894][T12941] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$cgroup_netprio_ifpriomap(r6, &(0x7f0000000040)={'veth0_vlan', 0x32, 0x33}, 0xd) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:03 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:03 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 481.568286][T12954] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c78000000000000000000000000000000000000e06ebffef777332b8e2ab55bcc5391f3eafd4ac1bb195a43b894f45bde42b82004bda69c753ed3e020bd6418edeb8ffebd1f607edf40d8c0bc5eb7b1e1b2c68ea99269d1840cbce306cf490f8bd7f230179b670165ff0e42cb0c1601000000e24ba70f9fb946665cadbda9e0274800740a4939d1105c4da5e682c687614952c51ef63718", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:27:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 481.831836][T12963] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:04 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r6, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r6) write$6lowpan_control(r6, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 2', 0x1b) 05:27:04 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:04 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:04 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 482.241518][T12979] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:04 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) [ 482.446131][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:04 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r5, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r9) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000080)={0x0, &(0x7f0000000040)=[r5, r7, r2, r0, r8, r9]}, 0x6) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r10}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:04 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:04 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:04 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 482.988555][T13020] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 483.124247][T13023] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:05 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:05 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f0000000040)) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}, 0x20) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={r4, 0x270c}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000040)={r4, 0x2}, 0xc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000015000800000b32683f0000000a8000008a3c6a7418fdec88d2df41c269752d0a6d6532d4e643f9a2947fd8db4c3c051a8fb675d844b63175dd919d021eaf315069f02336aad7b4530524f371", @ANYRES32=r8, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) r9 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r9, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r9) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000300)={0x9e0000, 0x5, 0x7, r9, 0x0, &(0x7f00000002c0)={0x990906, 0xff, [], @p_u32=&(0x7f0000000240)=0x6}}) 05:27:05 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0) 05:27:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 483.602927][T13043] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:05 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:05 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32=r5, @ANYBLOB="140100de0200"/20], 0x2c}}, 0x0) 05:27:05 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 483.843912][T13055] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0) 05:27:06 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x20) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={r3, 0x270c}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000480)={r3, @in={{0x2, 0x4e22, @multicast2}}, 0x5, 0xf04, 0x800, 0x2, 0x25, 0x9, 0x5}, 0x9c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r6, @ANYBLOB="14000100fc020000000000000000000000000000d6f61ebd9c62407215f3715b1c727758de7a9e097d496d3d04dec9d683b5fe10b9d8f0867eb9055629c9355600f8695fbfc7b72d7fba61819a4b0a0a05af57a09a96992cc5d0be1d224031458f8fa9bf0505c6dac6692c98de1b41aa1d7d14780649f6fe2b6cf2e30decbda3ccf9865d6aee5585fe6bebcb917cf7ed4eb37f4838996d3a323b142b00000000000000656f8b236c26fdbaaab3fa916c604c9f3c6f4000e33172eba946a016a8350eaf9577e22e4f9c68fcb7e79c7d4d0f7ae6d2918bf0c27ac21a8c9427790334ed0d3a35b05bf24c40fd6f7f3db07b8b955fa54c3b7f521ac96f9a7e12fa47aa1178c9ca523b0b6c38b6fe110a077b8330b9b732437fb81cb4c176b173dee65b275724ae03960abb0bd1bd22a9dde01121ba26628f303a130990bf135be4f8a81a002f3b0a893bc2354ef9883b7aa536c1c30d3de128f928906f0515a560c91af2780a2851b9ee9d5db0d2ee2857"], 0x2c}}, 0x0) 05:27:06 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:06 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0) 05:27:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_bt_bnep_BNEPCONNDEL(r3, 0x400442c9, &(0x7f0000000040)={0x444, @multicast}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:06 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:07 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:07 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000ab9a001500010000000000000000000a780000", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:27:07 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:07 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:07 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:08 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:08 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) [ 485.980097][T13138] __nla_validate_parse: 6 callbacks suppressed [ 485.980135][T13138] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 486.181026][T13152] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:08 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = dup(r11) getsockname$packet(r12, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r13}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001140)={&(0x7f0000000540)={0xbd4, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x32e3f264}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x5}}}, {0x64, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x34, 0x4, [{0x1, 0x3, 0x47, 0x1000}, {0x7, 0x0, 0x81, 0x9b2}, {0x30db, 0x7, 0x7, 0xd6f3}, {0x6, 0x1f, 0x3, 0x7e}, {0x6, 0x4, 0x2, 0x4}, {0x9, 0x7, 0x23, 0x21349cb0}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x2}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x24, 0x4, [{0x100, 0x3, 0x8, 0xb0}, {0x6, 0xfd, 0x6}, {0x7, 0x3, 0xc0, 0x2}, {0x200, 0xb4, 0x4}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x1f8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x20b9}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x1}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0xc, 0x4, [{0x200, 0x7, 0x40, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8}, {0x288, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x1c, 0x4, [{0x8ed, 0x0, 0x7, 0x8001}, {0x7fff, 0x81, 0x2, 0x8e}, {0xffff, 0x80, 0x0, 0x8}]}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x3ff}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x4}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x1c, 0x4, [{0x8001, 0x20, 0x3f, 0x5}, {0x6, 0x7f, 0x6f, 0x4}, {0xffff, 0x7, 0x5, 0x4179}]}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x96f4}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0xb5fa}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x148, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0xa8, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x313f}}, {0x8, 0x6, r13}}}, {0x64, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x34, 0x4, [{0x5, 0x4, 0x70}, {0x0, 0x2, 0x9, 0x2e1e}, {0x80, 0x4f, 0x7}, {0xdb, 0xff, 0x4, 0x5}, {0xcea, 0x5, 0xea, 0x8}, {0xffff, 0x3, 0x7, 0x200}]}}}]}}]}, 0xbd4}, 0x1, 0x0, 0x0, 0x4c884}, 0x20008000) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:08 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:08 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:08 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:08 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 486.669542][T13168] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:08 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0900001500010000000000000000000a780000", @ANYRES32=r5, @ANYBLOB="14000100fc00"/20], 0x2c}}, 0x0) 05:27:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, 0x0, 0x0) 05:27:09 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 486.954563][T13170] not chained 240000 origins [ 486.961317][T13170] CPU: 0 PID: 13170 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 486.972055][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.984790][T13170] Call Trace: [ 486.988253][T13170] dump_stack+0x1df/0x240 [ 486.993827][T13170] kmsan_internal_chain_origin+0x6f/0x130 [ 487.000108][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 487.005407][T13170] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 487.012049][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 487.017881][T13170] ? kmsan_get_metadata+0x11d/0x180 [ 487.023140][T13170] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 487.029423][T13170] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 487.035589][T13170] ? kfree+0x61/0x30f0 [ 487.039666][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 487.044802][T13170] ? kmsan_set_origin_checked+0x95/0xf0 [ 487.051010][T13170] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 487.057875][T13170] ? _copy_from_user+0x15b/0x260 [ 487.063447][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 487.068651][T13170] __msan_chain_origin+0x50/0x90 [ 487.073884][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.078685][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 487.084212][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 487.089329][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 487.094538][T13170] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 487.100961][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.106605][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.111562][T13170] do_syscall_64+0xb0/0x150 [ 487.116074][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.121968][T13170] RIP: 0033:0x45c1d9 [ 487.126094][T13170] Code: Bad RIP value. [ 487.130256][T13170] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 487.138764][T13170] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 487.147488][T13170] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 487.155645][T13170] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 487.163705][T13170] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 487.171915][T13170] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 487.182011][T13170] Uninit was stored to memory at: [ 487.187596][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.193672][T13170] __msan_chain_origin+0x50/0x90 [ 487.198893][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.203508][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.208451][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.213322][T13170] do_syscall_64+0xb0/0x150 [ 487.217921][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.224766][T13170] [ 487.227104][T13170] Uninit was stored to memory at: [ 487.232296][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.238115][T13170] __msan_chain_origin+0x50/0x90 [ 487.243138][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.247801][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.253790][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.258645][T13170] do_syscall_64+0xb0/0x150 [ 487.263154][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.269184][T13170] [ 487.271779][T13170] Uninit was stored to memory at: [ 487.277099][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.283022][T13170] __msan_chain_origin+0x50/0x90 [ 487.287966][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.292845][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.298318][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.304491][T13170] do_syscall_64+0xb0/0x150 [ 487.309135][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.315206][T13170] [ 487.317624][T13170] Uninit was stored to memory at: [ 487.322933][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.329749][T13170] __msan_chain_origin+0x50/0x90 [ 487.334826][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.339433][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.344858][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.350862][T13170] do_syscall_64+0xb0/0x150 [ 487.355515][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.362023][T13170] [ 487.364409][T13170] Uninit was stored to memory at: [ 487.369476][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.375568][T13170] __msan_chain_origin+0x50/0x90 [ 487.380516][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.385329][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.390274][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.395137][T13170] do_syscall_64+0xb0/0x150 [ 487.399799][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.405687][T13170] [ 487.408016][T13170] Uninit was stored to memory at: [ 487.413133][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.419434][T13170] __msan_chain_origin+0x50/0x90 [ 487.424458][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.429132][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.434107][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.439543][T13170] do_syscall_64+0xb0/0x150 [ 487.444147][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.450031][T13170] [ 487.452563][T13170] Uninit was stored to memory at: [ 487.458213][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 487.464388][T13170] __msan_chain_origin+0x50/0x90 [ 487.469339][T13170] do_recvmmsg+0x105a/0x1ee0 [ 487.473935][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 487.478884][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 487.483915][T13170] do_syscall_64+0xb0/0x150 [ 487.488567][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 487.494602][T13170] [ 487.497135][T13170] Local variable ----msg_sys@do_recvmmsg created at: [ 487.503828][T13170] do_recvmmsg+0xc5/0x1ee0 [ 487.508252][T13170] do_recvmmsg+0xc5/0x1ee0 [ 487.524978][T13176] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, 0x0, 0x0) 05:27:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001504000000000000000000000a780000879a737e469914ae7d21", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:27:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:09 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, 0x0, 0x0) 05:27:10 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) fsopen(&(0x7f0000000040)='9p\x00', 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x25dfdbff, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r7, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r7) dup3(r3, r7, 0x80000) [ 488.838507][T13170] not chained 250000 origins [ 488.843145][T13170] CPU: 0 PID: 13170 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 488.851813][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.861876][T13170] Call Trace: [ 488.865182][T13170] dump_stack+0x1df/0x240 [ 488.869523][T13170] kmsan_internal_chain_origin+0x6f/0x130 [ 488.875250][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 488.880374][T13170] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 488.886273][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 488.891567][T13170] ? kmsan_get_metadata+0x11d/0x180 [ 488.896776][T13170] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 488.902848][T13170] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 488.908920][T13170] ? kfree+0x61/0x30f0 [ 488.913002][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 488.918121][T13170] ? kmsan_set_origin_checked+0x95/0xf0 [ 488.923673][T13170] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 488.929771][T13170] ? _copy_from_user+0x15b/0x260 [ 488.934717][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 488.939842][T13170] __msan_chain_origin+0x50/0x90 [ 488.944790][T13170] do_recvmmsg+0x105a/0x1ee0 [ 488.949419][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 488.954716][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 488.959887][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 488.964923][T13170] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 488.970830][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 488.975796][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 488.980742][T13170] do_syscall_64+0xb0/0x150 [ 488.985257][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 488.991154][T13170] RIP: 0033:0x45c1d9 [ 488.995039][T13170] Code: Bad RIP value. [ 488.999108][T13170] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 489.007620][T13170] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 489.015593][T13170] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 489.023569][T13170] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 489.031558][T13170] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 489.039543][T13170] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 489.047533][T13170] Uninit was stored to memory at: [ 489.052572][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.058310][T13170] __msan_chain_origin+0x50/0x90 [ 489.063392][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.068005][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.072958][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.077832][T13170] do_syscall_64+0xb0/0x150 [ 489.082447][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.088340][T13170] [ 489.090680][T13170] Uninit was stored to memory at: [ 489.095713][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.101442][T13170] __msan_chain_origin+0x50/0x90 [ 489.106386][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.110989][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.115937][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.120793][T13170] do_syscall_64+0xb0/0x150 [ 489.125308][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.131192][T13170] [ 489.133527][T13170] Uninit was stored to memory at: [ 489.138649][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.144430][T13170] __msan_chain_origin+0x50/0x90 [ 489.149378][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.153978][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.158921][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.163785][T13170] do_syscall_64+0xb0/0x150 [ 489.168371][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.174258][T13170] [ 489.176579][T13170] Uninit was stored to memory at: [ 489.181612][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.187342][T13170] __msan_chain_origin+0x50/0x90 [ 489.192292][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.196926][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.201872][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.206735][T13170] do_syscall_64+0xb0/0x150 [ 489.211257][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.217148][T13170] [ 489.219475][T13170] Uninit was stored to memory at: [ 489.224593][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.230315][T13170] __msan_chain_origin+0x50/0x90 [ 489.235265][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.239860][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.244802][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.249665][T13170] do_syscall_64+0xb0/0x150 [ 489.254178][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.260064][T13170] [ 489.262384][T13170] Uninit was stored to memory at: [ 489.267413][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.273140][T13170] __msan_chain_origin+0x50/0x90 [ 489.278086][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.282682][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.287629][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.292491][T13170] do_syscall_64+0xb0/0x150 [ 489.297003][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.302971][T13170] [ 489.305337][T13170] Uninit was stored to memory at: [ 489.310367][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.316157][T13170] __msan_chain_origin+0x50/0x90 [ 489.321121][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.325720][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.330668][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.335530][T13170] do_syscall_64+0xb0/0x150 [ 489.340037][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.345919][T13170] [ 489.348245][T13170] Local variable ----msg_sys@do_recvmmsg created at: [ 489.354933][T13170] do_recvmmsg+0xc5/0x1ee0 [ 489.359459][T13170] do_recvmmsg+0xc5/0x1ee0 [ 489.651167][T13170] not chained 260000 origins [ 489.655810][T13170] CPU: 0 PID: 13170 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 489.664572][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.674723][T13170] Call Trace: [ 489.678043][T13170] dump_stack+0x1df/0x240 [ 489.682482][T13170] kmsan_internal_chain_origin+0x6f/0x130 [ 489.688232][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 489.693443][T13170] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 489.699348][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 489.704645][T13170] ? kmsan_get_metadata+0x11d/0x180 [ 489.709855][T13170] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 489.715675][T13170] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 489.721753][T13170] ? kfree+0x61/0x30f0 [ 489.725840][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 489.730967][T13170] ? kmsan_set_origin_checked+0x95/0xf0 [ 489.736520][T13170] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 489.742609][T13170] ? _copy_from_user+0x15b/0x260 [ 489.747558][T13170] ? kmsan_get_metadata+0x4f/0x180 [ 489.752676][T13170] __msan_chain_origin+0x50/0x90 [ 489.757626][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.762260][T13170] ? __msan_poison_alloca+0xf0/0x120 [ 489.767564][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 489.772599][T13170] ? __se_sys_recvmmsg+0xac/0x350 [ 489.777635][T13170] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 489.783546][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.788502][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.793366][T13170] do_syscall_64+0xb0/0x150 [ 489.797881][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.803862][T13170] RIP: 0033:0x45c1d9 [ 489.807746][T13170] Code: Bad RIP value. [ 489.811809][T13170] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 489.820224][T13170] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 489.828201][T13170] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 489.836297][T13170] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 489.844274][T13170] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 489.852275][T13170] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 489.860258][T13170] Uninit was stored to memory at: [ 489.865301][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.871121][T13170] __msan_chain_origin+0x50/0x90 [ 489.876063][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.880656][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.885593][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.890445][T13170] do_syscall_64+0xb0/0x150 [ 489.894952][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.900833][T13170] [ 489.903159][T13170] Uninit was stored to memory at: [ 489.908227][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.913949][T13170] __msan_chain_origin+0x50/0x90 [ 489.918891][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.923485][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.928426][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.933281][T13170] do_syscall_64+0xb0/0x150 [ 489.937786][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.943668][T13170] [ 489.945990][T13170] Uninit was stored to memory at: [ 489.951026][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 489.956748][T13170] __msan_chain_origin+0x50/0x90 [ 489.961834][T13170] do_recvmmsg+0x105a/0x1ee0 [ 489.966430][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 489.971805][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 489.976658][T13170] do_syscall_64+0xb0/0x150 [ 489.981163][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.987043][T13170] [ 489.989364][T13170] Uninit was stored to memory at: [ 489.994393][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 490.000113][T13170] __msan_chain_origin+0x50/0x90 [ 490.005066][T13170] do_recvmmsg+0x105a/0x1ee0 [ 490.009654][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 490.015206][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 490.020056][T13170] do_syscall_64+0xb0/0x150 [ 490.024570][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 490.030892][T13170] [ 490.033224][T13170] Uninit was stored to memory at: [ 490.038261][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 490.044514][T13170] __msan_chain_origin+0x50/0x90 [ 490.049458][T13170] do_recvmmsg+0x105a/0x1ee0 [ 490.054067][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 490.059010][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 490.065032][T13170] do_syscall_64+0xb0/0x150 [ 490.069553][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 490.075453][T13170] [ 490.077872][T13170] Uninit was stored to memory at: [ 490.083054][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 490.090266][T13170] __msan_chain_origin+0x50/0x90 [ 490.095217][T13170] do_recvmmsg+0x105a/0x1ee0 [ 490.099822][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 490.104777][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 490.109639][T13170] do_syscall_64+0xb0/0x150 [ 490.114153][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 490.120050][T13170] [ 490.122375][T13170] Uninit was stored to memory at: [ 490.127509][T13170] kmsan_internal_chain_origin+0xad/0x130 [ 490.133239][T13170] __msan_chain_origin+0x50/0x90 [ 490.138362][T13170] do_recvmmsg+0x105a/0x1ee0 [ 490.142965][T13170] __se_sys_recvmmsg+0x1d1/0x350 [ 490.147914][T13170] __x64_sys_recvmmsg+0x62/0x80 [ 490.152860][T13170] do_syscall_64+0xb0/0x150 [ 490.157369][T13170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 490.163250][T13170] [ 490.165599][T13170] Local variable ----msg_sys@do_recvmmsg created at: [ 490.172277][T13170] do_recvmmsg+0xc5/0x1ee0 [ 490.176691][T13170] do_recvmmsg+0xc5/0x1ee0 05:27:12 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:12 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 05:27:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:27:12 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r1, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x181041, 0x0) ioctl$ION_IOC_HEAP_QUERY(r3, 0xc0184908, &(0x7f0000000180)={0x34, 0x0, &(0x7f0000000080)}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="08020000000000000300000000000000020000000000000003000000000000000000000000000000010000800000000095080000ff010000020000000000000006000000000000000100008000000000010000000000000008000000000000000800000000000000000000008100000006000000ff000000fffbffff", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="000400000000000000000000050000000000000000000000000000000c000000040000002f6465762f766964656f23000000000001060000000000000000000000000000ff0300000000000002000000000000001f00000001000000010000000000000000010000000000007f000000000000001f000000000000000600000000000000010000000000000006000000010000806e060000d16e2e2d00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000014001f00000000000000050000000000000040000000000000000c000000008000002f6465762f766964656f2300000000000200000000000000030000000000000001000080000000006d01000000000000faffffff03000000000000000000000007000000000000000400000000000000040000000000000081000000000000000000008000000000200000007f000000000400000600000004000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000f9ffffff00000000030000000000000072070000000000000c000000ff0300002f6465762f766964656f230000000000"], 0x208) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000140)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000540)="fdc0c193f65a612ad90c16c9", 0xc}], 0x1, 0x0, 0x0, 0x200008d5}, {&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000800)="d0", 0x1}, {0x0}, {&(0x7f0000000a00)="30b270da35c176895c0f1985c2f882fb9f3d36c5224cbb91e2d70dfba3a18e0f6b9323657b414ed4a513be9910405f1e544849dce9833aff1799d38b4adc8e1872b870938cd82de52aeb0355cab19f58a04c2b5de363a458e4110fe9247dc4215d8e951b4e4d72a3d9fcf3ded7de6bba65e6fe13ce816d", 0x77}, {&(0x7f0000000740)="efd0bf25fe40ac2ee963d5580eecffb337e212f47cf2602fae610ae0821cf887", 0x20}, {0x0}], 0x5, &(0x7f0000000600)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r8}}}, @cred={{0x1c, 0x1, 0x2, {r7}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88, 0x4000}], 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0x375) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000240)={0x208, 0x0, 0x3, [{{0x2, 0x3, 0x0, 0x80000001, 0x895, 0x1ff, {0x2, 0x6, 0x80000001, 0x1, 0x8, 0x8, 0x0, 0x81, 0x6, 0xff, 0xfffffbff, 0x0, 0xee01, 0x400}}, {0x5, 0x0, 0xc, 0x4, '/dev/video#\x00'}}, {{0x10001, 0x0, 0x3ff, 0x2, 0x1f, 0x1, {0x1, 0x100, 0x7f, 0x1f, 0x6, 0x1, 0x6, 0x80000001, 0x66e, 0x2d2e6ed1, 0x0, 0x0, r8, 0x140000, 0x1f}}, {0x5, 0x40, 0xc, 0x8000, '/dev/video#\x00'}}, {{0x2, 0x3, 0x80000001, 0x16d, 0xfffffffa, 0x3, {0x0, 0x7, 0x4, 0x4, 0x81, 0x80000000, 0x20, 0x7f, 0x400, 0x6, 0x4, r9, r10, 0x2, 0xfffffff9}}, {0x3, 0x772, 0xc, 0x3ff, '/dev/video#\x00'}}]}, 0x208) fchownat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, r8, 0x1000) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x40, 0x0, 0xff, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) [ 490.839059][T13218] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 490.999672][T13230] not chained 270000 origins [ 491.004312][T13230] CPU: 0 PID: 13230 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 491.013080][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.023236][T13230] Call Trace: [ 491.026647][T13230] dump_stack+0x1df/0x240 [ 491.031001][T13230] kmsan_internal_chain_origin+0x6f/0x130 [ 491.036745][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 491.041875][T13230] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 491.047872][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 491.053171][T13230] ? kmsan_get_metadata+0x11d/0x180 [ 491.058393][T13230] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 491.064227][T13230] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 491.070318][T13230] ? kfree+0x61/0x30f0 [ 491.074412][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 491.079695][T13230] ? kmsan_set_origin_checked+0x95/0xf0 [ 491.085381][T13230] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 491.091479][T13230] ? _copy_from_user+0x15b/0x260 [ 491.096441][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 491.101574][T13230] __msan_chain_origin+0x50/0x90 [ 491.106529][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.111185][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 491.116594][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 491.121645][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 491.126702][T13230] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 491.132642][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.138048][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.142923][T13230] do_syscall_64+0xb0/0x150 05:27:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) [ 491.147448][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.153347][T13230] RIP: 0033:0x45c1d9 [ 491.157236][T13230] Code: Bad RIP value. [ 491.161302][T13230] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 491.169737][T13230] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 491.177777][T13230] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 491.185842][T13230] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 491.193811][T13230] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 491.201790][T13230] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 491.209773][T13230] Uninit was stored to memory at: [ 491.214829][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.220542][T13230] __msan_chain_origin+0x50/0x90 [ 491.225505][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.230087][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.235019][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.239860][T13230] do_syscall_64+0xb0/0x150 [ 491.244355][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.250225][T13230] [ 491.252558][T13230] Uninit was stored to memory at: [ 491.257672][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.263464][T13230] __msan_chain_origin+0x50/0x90 [ 491.268386][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.272967][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.278062][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.282919][T13230] do_syscall_64+0xb0/0x150 [ 491.287410][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.293541][T13230] [ 491.295851][T13230] Uninit was stored to memory at: [ 491.300948][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.306738][T13230] __msan_chain_origin+0x50/0x90 [ 491.311686][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.316260][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.321197][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.326155][T13230] do_syscall_64+0xb0/0x150 [ 491.330660][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.336543][T13230] [ 491.338860][T13230] Uninit was stored to memory at: [ 491.343904][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.349616][T13230] __msan_chain_origin+0x50/0x90 [ 491.354546][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.359123][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.364047][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.368971][T13230] do_syscall_64+0xb0/0x150 [ 491.373465][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.379337][T13230] [ 491.381667][T13230] Uninit was stored to memory at: [ 491.386683][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.392392][T13230] __msan_chain_origin+0x50/0x90 [ 491.397403][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.401978][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.406901][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.411739][T13230] do_syscall_64+0xb0/0x150 [ 491.416226][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.422095][T13230] [ 491.424406][T13230] Uninit was stored to memory at: [ 491.429417][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.435122][T13230] __msan_chain_origin+0x50/0x90 [ 491.440133][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.444715][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.449643][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.454481][T13230] do_syscall_64+0xb0/0x150 [ 491.459147][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.465015][T13230] [ 491.467325][T13230] Uninit was stored to memory at: [ 491.472339][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 491.478045][T13230] __msan_chain_origin+0x50/0x90 [ 491.482968][T13230] do_recvmmsg+0x105a/0x1ee0 [ 491.487541][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 491.492464][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 491.497406][T13230] do_syscall_64+0xb0/0x150 05:27:13 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) [ 491.502163][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 491.508033][T13230] [ 491.510352][T13230] Local variable ----msg_sys@do_recvmmsg created at: [ 491.517029][T13230] do_recvmmsg+0xc5/0x1ee0 [ 491.521438][T13230] do_recvmmsg+0xc5/0x1ee0 05:27:13 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0) fstatfs(r3, &(0x7f00000002c0)=""/240) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x59) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 492.357274][T13239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:14 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 493.172466][T13230] not chained 280000 origins [ 493.177118][T13230] CPU: 0 PID: 13230 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 493.186747][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.196923][T13230] Call Trace: [ 493.200228][T13230] dump_stack+0x1df/0x240 [ 493.204573][T13230] kmsan_internal_chain_origin+0x6f/0x130 [ 493.210313][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 493.215442][T13230] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 493.221352][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 493.226649][T13230] ? kmsan_get_metadata+0x11d/0x180 [ 493.231860][T13230] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 493.237767][T13230] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 493.243865][T13230] ? kfree+0x61/0x30f0 [ 493.247993][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 493.253122][T13230] ? kmsan_set_origin_checked+0x95/0xf0 [ 493.258860][T13230] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 493.264940][T13230] ? _copy_from_user+0x15b/0x260 [ 493.269908][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 493.275027][T13230] __msan_chain_origin+0x50/0x90 [ 493.280061][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.284715][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 493.290012][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 493.295049][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 493.300083][T13230] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 493.305997][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.310958][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.315844][T13230] do_syscall_64+0xb0/0x150 [ 493.320362][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.326249][T13230] RIP: 0033:0x45c1d9 [ 493.330132][T13230] Code: Bad RIP value. [ 493.334293][T13230] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 493.342716][T13230] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 493.350775][T13230] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 493.359100][T13230] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 493.367076][T13230] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 493.375313][T13230] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 493.383301][T13230] Uninit was stored to memory at: [ 493.388329][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.394049][T13230] __msan_chain_origin+0x50/0x90 [ 493.398996][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.403590][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.408532][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.413387][T13230] do_syscall_64+0xb0/0x150 [ 493.417896][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.423814][T13230] [ 493.426136][T13230] Uninit was stored to memory at: [ 493.431163][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.436901][T13230] __msan_chain_origin+0x50/0x90 [ 493.441849][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.446446][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.451391][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.456261][T13230] do_syscall_64+0xb0/0x150 [ 493.460778][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.466663][T13230] [ 493.468983][T13230] Uninit was stored to memory at: [ 493.474067][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.479791][T13230] __msan_chain_origin+0x50/0x90 [ 493.484837][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.489435][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.494383][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.499263][T13230] do_syscall_64+0xb0/0x150 [ 493.503799][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.509681][T13230] [ 493.512032][T13230] Uninit was stored to memory at: [ 493.517065][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.522784][T13230] __msan_chain_origin+0x50/0x90 [ 493.527720][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.532311][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.537245][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.542099][T13230] do_syscall_64+0xb0/0x150 [ 493.546600][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.552479][T13230] [ 493.554796][T13230] Uninit was stored to memory at: [ 493.559814][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.565528][T13230] __msan_chain_origin+0x50/0x90 [ 493.570465][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.575053][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.579985][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.584843][T13230] do_syscall_64+0xb0/0x150 [ 493.589355][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.595234][T13230] [ 493.597552][T13230] Uninit was stored to memory at: [ 493.602573][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.608286][T13230] __msan_chain_origin+0x50/0x90 [ 493.613221][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.617811][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.622746][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.627595][T13230] do_syscall_64+0xb0/0x150 [ 493.632101][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.638149][T13230] [ 493.640464][T13230] Uninit was stored to memory at: [ 493.645514][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 493.651236][T13230] __msan_chain_origin+0x50/0x90 [ 493.656180][T13230] do_recvmmsg+0x105a/0x1ee0 [ 493.660765][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 493.665698][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 493.670637][T13230] do_syscall_64+0xb0/0x150 [ 493.675224][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 493.681100][T13230] [ 493.683421][T13230] Local variable ----msg_sys@do_recvmmsg created at: [ 493.690102][T13230] do_recvmmsg+0xc5/0x1ee0 [ 493.694518][T13230] do_recvmmsg+0xc5/0x1ee0 [ 493.902444][T13230] not chained 290000 origins [ 493.907078][T13230] CPU: 0 PID: 13230 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 493.915750][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.925810][T13230] Call Trace: [ 493.929115][T13230] dump_stack+0x1df/0x240 [ 493.933462][T13230] kmsan_internal_chain_origin+0x6f/0x130 [ 493.939187][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 493.944330][T13230] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 493.950243][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 493.955628][T13230] ? kmsan_get_metadata+0x11d/0x180 [ 493.960843][T13230] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 493.966656][T13230] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 493.972731][T13230] ? kfree+0x61/0x30f0 [ 493.976931][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 493.982049][T13230] ? kmsan_set_origin_checked+0x95/0xf0 [ 493.987600][T13230] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 493.993681][T13230] ? _copy_from_user+0x15b/0x260 [ 493.998661][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 494.003779][T13230] __msan_chain_origin+0x50/0x90 [ 494.008721][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.013349][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 494.018652][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 494.023683][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 494.028709][T13230] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 494.034614][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.039566][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.044431][T13230] do_syscall_64+0xb0/0x150 [ 494.048983][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.055061][T13230] RIP: 0033:0x45c1d9 [ 494.058940][T13230] Code: Bad RIP value. [ 494.063093][T13230] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 494.071617][T13230] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 494.079854][T13230] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 494.087833][T13230] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 494.095809][T13230] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 494.103802][T13230] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 494.111812][T13230] Uninit was stored to memory at: [ 494.116843][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.122563][T13230] __msan_chain_origin+0x50/0x90 [ 494.127503][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.132281][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.137226][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.142078][T13230] do_syscall_64+0xb0/0x150 [ 494.146579][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.152476][T13230] [ 494.154792][T13230] Uninit was stored to memory at: [ 494.159813][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.165528][T13230] __msan_chain_origin+0x50/0x90 [ 494.170462][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.175052][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.180168][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.185013][T13230] do_syscall_64+0xb0/0x150 [ 494.189602][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.195480][T13230] [ 494.197796][T13230] Uninit was stored to memory at: [ 494.202819][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.208537][T13230] __msan_chain_origin+0x50/0x90 [ 494.213476][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.218066][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.223003][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.227855][T13230] do_syscall_64+0xb0/0x150 [ 494.232359][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.238236][T13230] [ 494.240553][T13230] Uninit was stored to memory at: [ 494.245574][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.251286][T13230] __msan_chain_origin+0x50/0x90 [ 494.256230][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.260832][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.265769][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.270617][T13230] do_syscall_64+0xb0/0x150 [ 494.275117][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.280994][T13230] [ 494.283317][T13230] Uninit was stored to memory at: [ 494.288472][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.294191][T13230] __msan_chain_origin+0x50/0x90 [ 494.299127][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.303725][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.308747][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.313600][T13230] do_syscall_64+0xb0/0x150 [ 494.318101][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.324066][T13230] [ 494.326383][T13230] Uninit was stored to memory at: [ 494.331409][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.337127][T13230] __msan_chain_origin+0x50/0x90 [ 494.342059][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.346651][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.351592][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.356450][T13230] do_syscall_64+0xb0/0x150 [ 494.361050][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.366928][T13230] [ 494.369260][T13230] Uninit was stored to memory at: [ 494.374289][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.380021][T13230] __msan_chain_origin+0x50/0x90 [ 494.384955][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.389543][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.394481][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.399332][T13230] do_syscall_64+0xb0/0x150 [ 494.403852][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.409742][T13230] [ 494.412062][T13230] Local variable ----msg_sys@do_recvmmsg created at: [ 494.418734][T13230] do_recvmmsg+0xc5/0x1ee0 [ 494.423144][T13230] do_recvmmsg+0xc5/0x1ee0 [ 494.549569][T13230] not chained 300000 origins [ 494.554209][T13230] CPU: 0 PID: 13230 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 494.562876][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.573027][T13230] Call Trace: [ 494.576583][T13230] dump_stack+0x1df/0x240 [ 494.580918][T13230] kmsan_internal_chain_origin+0x6f/0x130 [ 494.587158][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 494.592270][T13230] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 494.598182][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 494.603468][T13230] ? kmsan_get_metadata+0x11d/0x180 [ 494.608784][T13230] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 494.614600][T13230] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 494.620666][T13230] ? kfree+0x61/0x30f0 [ 494.624733][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 494.629845][T13230] ? kmsan_set_origin_checked+0x95/0xf0 [ 494.635392][T13230] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 494.641551][T13230] ? _copy_from_user+0x15b/0x260 [ 494.646486][T13230] ? kmsan_get_metadata+0x4f/0x180 [ 494.651602][T13230] __msan_chain_origin+0x50/0x90 [ 494.656554][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.661178][T13230] ? __msan_poison_alloca+0xf0/0x120 [ 494.666465][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 494.671490][T13230] ? __se_sys_recvmmsg+0xac/0x350 [ 494.676513][T13230] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 494.682413][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.687357][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.692213][T13230] do_syscall_64+0xb0/0x150 [ 494.696719][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.702632][T13230] RIP: 0033:0x45c1d9 [ 494.706520][T13230] Code: Bad RIP value. [ 494.710579][T13230] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 494.719031][T13230] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 494.727178][T13230] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 494.735166][T13230] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 494.743139][T13230] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 494.751112][T13230] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 494.759090][T13230] Uninit was stored to memory at: [ 494.764125][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.769853][T13230] __msan_chain_origin+0x50/0x90 [ 494.774790][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.779473][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.784426][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.789277][T13230] do_syscall_64+0xb0/0x150 [ 494.793780][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.799658][T13230] [ 494.801989][T13230] Uninit was stored to memory at: [ 494.807010][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.812732][T13230] __msan_chain_origin+0x50/0x90 [ 494.817674][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.822277][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.827217][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.832073][T13230] do_syscall_64+0xb0/0x150 [ 494.836583][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.842471][T13230] [ 494.844910][T13230] Uninit was stored to memory at: [ 494.849933][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.855845][T13230] __msan_chain_origin+0x50/0x90 [ 494.860792][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.865388][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.870332][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.875180][T13230] do_syscall_64+0xb0/0x150 [ 494.879682][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.885558][T13230] [ 494.887875][T13230] Uninit was stored to memory at: [ 494.892915][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.898635][T13230] __msan_chain_origin+0x50/0x90 [ 494.903672][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.908257][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.913811][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.918665][T13230] do_syscall_64+0xb0/0x150 [ 494.923293][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.929352][T13230] [ 494.931673][T13230] Uninit was stored to memory at: [ 494.936708][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.942591][T13230] __msan_chain_origin+0x50/0x90 [ 494.947538][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.952147][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 494.957085][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 494.961937][T13230] do_syscall_64+0xb0/0x150 [ 494.968786][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 494.974675][T13230] [ 494.976995][T13230] Uninit was stored to memory at: [ 494.982023][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 494.987825][T13230] __msan_chain_origin+0x50/0x90 [ 494.992762][T13230] do_recvmmsg+0x105a/0x1ee0 [ 494.997974][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 495.002978][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 495.008014][T13230] do_syscall_64+0xb0/0x150 [ 495.012535][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 495.018416][T13230] [ 495.020733][T13230] Uninit was stored to memory at: [ 495.025773][T13230] kmsan_internal_chain_origin+0xad/0x130 [ 495.031502][T13230] __msan_chain_origin+0x50/0x90 [ 495.036442][T13230] do_recvmmsg+0x105a/0x1ee0 [ 495.041029][T13230] __se_sys_recvmmsg+0x1d1/0x350 [ 495.045963][T13230] __x64_sys_recvmmsg+0x62/0x80 [ 495.050813][T13230] do_syscall_64+0xb0/0x150 [ 495.055320][T13230] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 495.061204][T13230] [ 495.063525][T13230] Local variable ----msg_sys@do_recvmmsg created at: [ 495.070203][T13230] do_recvmmsg+0xc5/0x1ee0 [ 495.074623][T13230] do_recvmmsg+0xc5/0x1ee0 05:27:17 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 05:27:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:27:17 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) getsockname$packet(r10, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r11}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x40000) r12 = dup(r3) getsockname$packet(r12, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r13}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:17 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 495.317513][T13267] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 05:27:17 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:17 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) msync(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) flock(r4, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_deladdr={0x2c, 0x15, 0x800, 0x70bd25, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_CACHEINFO={0x14, 0x6, {0xf2, 0x101, 0x4c6, 0x80}}]}, 0x2c}}, 0x0) r8 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x400, 0x0) r9 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r9, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r10) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r8, &(0x7f0000000100)={r9, r10, 0x3}) [ 495.881254][T13282] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 05:27:18 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 496.151563][T13272] not chained 310000 origins [ 496.156201][T13272] CPU: 1 PID: 13272 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 496.164961][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.175033][T13272] Call Trace: [ 496.178337][T13272] dump_stack+0x1df/0x240 [ 496.187117][T13272] kmsan_internal_chain_origin+0x6f/0x130 [ 496.192851][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 496.197972][T13272] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 496.203860][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 496.209133][T13272] ? kmsan_get_metadata+0x11d/0x180 [ 496.214316][T13272] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 496.220106][T13272] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 496.226163][T13272] ? kfree+0x61/0x30f0 [ 496.230219][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 496.235315][T13272] ? kmsan_set_origin_checked+0x95/0xf0 [ 496.241202][T13272] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 496.247348][T13272] ? _copy_from_user+0x15b/0x260 [ 496.252705][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 496.257800][T13272] __msan_chain_origin+0x50/0x90 [ 496.262729][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.267331][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 496.272602][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 496.277611][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 496.282620][T13272] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 496.288952][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.294008][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.298853][T13272] do_syscall_64+0xb0/0x150 [ 496.303371][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.309248][T13272] RIP: 0033:0x45c1d9 [ 496.313121][T13272] Code: Bad RIP value. [ 496.320384][T13272] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 496.329235][T13272] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 496.337625][T13272] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 496.345842][T13272] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 496.353817][T13272] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 496.361996][T13272] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 496.370226][T13272] Uninit was stored to memory at: [ 496.375243][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.381052][T13272] __msan_chain_origin+0x50/0x90 [ 496.385975][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.390548][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.395468][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.400304][T13272] do_syscall_64+0xb0/0x150 [ 496.404792][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.410661][T13272] [ 496.412980][T13272] Uninit was stored to memory at: [ 496.418011][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.423711][T13272] __msan_chain_origin+0x50/0x90 [ 496.428631][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.433301][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.438318][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.443171][T13272] do_syscall_64+0xb0/0x150 [ 496.447671][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.453627][T13272] [ 496.455937][T13272] Uninit was stored to memory at: [ 496.460950][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.466677][T13272] __msan_chain_origin+0x50/0x90 [ 496.471695][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.476361][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.481343][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.486268][T13272] do_syscall_64+0xb0/0x150 [ 496.490758][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.496631][T13272] [ 496.499025][T13272] Uninit was stored to memory at: [ 496.504036][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.509742][T13272] __msan_chain_origin+0x50/0x90 [ 496.516921][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.521497][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.526416][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.531277][T13272] do_syscall_64+0xb0/0x150 [ 496.535765][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.541631][T13272] [ 496.543938][T13272] Uninit was stored to memory at: [ 496.548946][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.554753][T13272] __msan_chain_origin+0x50/0x90 [ 496.559672][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.564257][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.569261][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.574799][T13272] do_syscall_64+0xb0/0x150 [ 496.579285][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.585262][T13272] [ 496.587581][T13272] Uninit was stored to memory at: [ 496.592602][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.598309][T13272] __msan_chain_origin+0x50/0x90 [ 496.603237][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.607867][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.612790][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.617807][T13272] do_syscall_64+0xb0/0x150 [ 496.622366][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.628330][T13272] [ 496.630647][T13272] Uninit was stored to memory at: [ 496.635752][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 496.641539][T13272] __msan_chain_origin+0x50/0x90 [ 496.646464][T13272] do_recvmmsg+0x105a/0x1ee0 [ 496.651038][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 496.655957][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 496.660795][T13272] do_syscall_64+0xb0/0x150 [ 496.665309][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 496.671178][T13272] [ 496.673485][T13272] Local variable ----msg_sys@do_recvmmsg created at: [ 496.680140][T13272] do_recvmmsg+0xc5/0x1ee0 [ 496.684537][T13272] do_recvmmsg+0xc5/0x1ee0 [ 497.127659][T13272] not chained 320000 origins [ 497.132295][T13272] CPU: 1 PID: 13272 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 497.140972][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.151034][T13272] Call Trace: [ 497.154344][T13272] dump_stack+0x1df/0x240 [ 497.158698][T13272] kmsan_internal_chain_origin+0x6f/0x130 [ 497.164427][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 497.169562][T13272] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 497.175469][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 497.180772][T13272] ? kmsan_get_metadata+0x11d/0x180 [ 497.186017][T13272] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 497.192269][T13272] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 497.198350][T13272] ? kfree+0x61/0x30f0 [ 497.202423][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 497.207527][T13272] ? kmsan_set_origin_checked+0x95/0xf0 [ 497.213083][T13272] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 497.219147][T13272] ? _copy_from_user+0x15b/0x260 [ 497.224079][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 497.229191][T13272] __msan_chain_origin+0x50/0x90 [ 497.234228][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.238857][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 497.244396][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 497.249752][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 497.254809][T13272] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 497.260688][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.265621][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.270461][T13272] do_syscall_64+0xb0/0x150 [ 497.274955][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.280829][T13272] RIP: 0033:0x45c1d9 [ 497.284700][T13272] Code: Bad RIP value. [ 497.288748][T13272] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 497.297142][T13272] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 497.305099][T13272] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 497.313053][T13272] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 497.321007][T13272] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 497.329482][T13272] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 497.337446][T13272] Uninit was stored to memory at: [ 497.342462][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.348333][T13272] __msan_chain_origin+0x50/0x90 [ 497.353254][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.357827][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.362845][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.367766][T13272] do_syscall_64+0xb0/0x150 [ 497.372253][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.378126][T13272] [ 497.380444][T13272] Uninit was stored to memory at: [ 497.385454][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.391158][T13272] __msan_chain_origin+0x50/0x90 [ 497.396081][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.400668][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.405599][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.410452][T13272] do_syscall_64+0xb0/0x150 [ 497.415038][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.420906][T13272] [ 497.423216][T13272] Uninit was stored to memory at: [ 497.428227][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.433930][T13272] __msan_chain_origin+0x50/0x90 [ 497.438849][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.443423][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.448344][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.453178][T13272] do_syscall_64+0xb0/0x150 [ 497.457668][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.463536][T13272] [ 497.465842][T13272] Uninit was stored to memory at: [ 497.470849][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.476552][T13272] __msan_chain_origin+0x50/0x90 [ 497.481470][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.486042][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.490971][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.495804][T13272] do_syscall_64+0xb0/0x150 [ 497.500293][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.506163][T13272] [ 497.508470][T13272] Uninit was stored to memory at: [ 497.513480][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.519181][T13272] __msan_chain_origin+0x50/0x90 [ 497.524104][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.528677][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.533598][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.538433][T13272] do_syscall_64+0xb0/0x150 [ 497.542923][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.548792][T13272] [ 497.551099][T13272] Uninit was stored to memory at: [ 497.556122][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.561834][T13272] __msan_chain_origin+0x50/0x90 [ 497.566766][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.571344][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.576266][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.581102][T13272] do_syscall_64+0xb0/0x150 [ 497.585590][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.591457][T13272] [ 497.593767][T13272] Uninit was stored to memory at: [ 497.598776][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 497.604480][T13272] __msan_chain_origin+0x50/0x90 [ 497.609397][T13272] do_recvmmsg+0x105a/0x1ee0 [ 497.613970][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 497.618911][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 497.623762][T13272] do_syscall_64+0xb0/0x150 [ 497.628253][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 497.634125][T13272] [ 497.636436][T13272] Local variable ----msg_sys@do_recvmmsg created at: [ 497.643094][T13272] do_recvmmsg+0xc5/0x1ee0 [ 497.647495][T13272] do_recvmmsg+0xc5/0x1ee0 [ 498.413791][T13272] not chained 330000 origins [ 498.418418][T13272] CPU: 0 PID: 13272 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 498.427086][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.437143][T13272] Call Trace: [ 498.440446][T13272] dump_stack+0x1df/0x240 [ 498.444789][T13272] kmsan_internal_chain_origin+0x6f/0x130 [ 498.450506][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 498.455620][T13272] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 498.461522][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 498.466811][T13272] ? kmsan_get_metadata+0x11d/0x180 [ 498.472012][T13272] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 498.477822][T13272] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 498.483917][T13272] ? kfree+0x61/0x30f0 [ 498.488071][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 498.493182][T13272] ? kmsan_set_origin_checked+0x95/0xf0 [ 498.498732][T13272] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 498.504998][T13272] ? _copy_from_user+0x15b/0x260 [ 498.509931][T13272] ? kmsan_get_metadata+0x4f/0x180 [ 498.515131][T13272] __msan_chain_origin+0x50/0x90 [ 498.520173][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.524800][T13272] ? __msan_poison_alloca+0xf0/0x120 [ 498.530087][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 498.535201][T13272] ? __se_sys_recvmmsg+0xac/0x350 [ 498.540322][T13272] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 498.546218][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.551167][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.556019][T13272] do_syscall_64+0xb0/0x150 [ 498.560616][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.566516][T13272] RIP: 0033:0x45c1d9 [ 498.570408][T13272] Code: Bad RIP value. [ 498.574469][T13272] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 498.582877][T13272] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 498.590843][T13272] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 498.598834][T13272] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 498.606806][T13272] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 498.614827][T13272] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 498.622803][T13272] Uninit was stored to memory at: [ 498.627847][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.633563][T13272] __msan_chain_origin+0x50/0x90 [ 498.638586][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.643192][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.648125][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.652979][T13272] do_syscall_64+0xb0/0x150 [ 498.657479][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.663359][T13272] [ 498.665674][T13272] Uninit was stored to memory at: [ 498.670701][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.676422][T13272] __msan_chain_origin+0x50/0x90 [ 498.681369][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.685958][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.690893][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.695748][T13272] do_syscall_64+0xb0/0x150 [ 498.700259][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.706220][T13272] [ 498.708561][T13272] Uninit was stored to memory at: [ 498.713584][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.719300][T13272] __msan_chain_origin+0x50/0x90 [ 498.724235][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.728837][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.733787][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.738643][T13272] do_syscall_64+0xb0/0x150 [ 498.743152][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.749030][T13272] [ 498.751349][T13272] Uninit was stored to memory at: [ 498.756398][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.762114][T13272] __msan_chain_origin+0x50/0x90 [ 498.767050][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.771639][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.776576][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.781425][T13272] do_syscall_64+0xb0/0x150 [ 498.785927][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.791807][T13272] [ 498.794130][T13272] Uninit was stored to memory at: [ 498.799514][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.805232][T13272] __msan_chain_origin+0x50/0x90 [ 498.810165][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.814758][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.819698][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.824551][T13272] do_syscall_64+0xb0/0x150 [ 498.829138][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.835021][T13272] [ 498.837346][T13272] Uninit was stored to memory at: [ 498.842416][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.848339][T13272] __msan_chain_origin+0x50/0x90 [ 498.853285][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.858144][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.863086][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.867945][T13272] do_syscall_64+0xb0/0x150 [ 498.872451][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.878345][T13272] [ 498.880670][T13272] Uninit was stored to memory at: [ 498.886566][T13272] kmsan_internal_chain_origin+0xad/0x130 [ 498.892288][T13272] __msan_chain_origin+0x50/0x90 [ 498.897226][T13272] do_recvmmsg+0x105a/0x1ee0 [ 498.901845][T13272] __se_sys_recvmmsg+0x1d1/0x350 [ 498.907573][T13272] __x64_sys_recvmmsg+0x62/0x80 [ 498.912439][T13272] do_syscall_64+0xb0/0x150 [ 498.917380][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 498.923349][T13272] [ 498.925766][T13272] Local variable ----msg_sys@do_recvmmsg created at: [ 498.932529][T13272] do_recvmmsg+0xc5/0x1ee0 [ 498.936950][T13272] do_recvmmsg+0xc5/0x1ee0 05:27:21 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 05:27:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r6, 0x200, 0x70bd25, 0x25dfdbff, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x20010040) sendmsg$NLBL_MGMT_C_REMOVE(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x120000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x44, r6, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, [], 0x1}}, @NLBL_MGMT_A_DOMAIN={0xc, 0x1, 'F.[%@\xf8:\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010101}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x8004}, 0x8000) 05:27:21 executing program 5: socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 499.257369][T13313] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:21 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = semget$private(0x0, 0x1, 0x0) r2 = semget$private(0x0, 0x1, 0x0) semop(r2, &(0x7f0000000080)=[{0x0, 0xfffb}], 0x1) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000040)=[0x0]) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000040)=[0x6, 0x81]) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) semop(r1, &(0x7f0000000080)=[{0x5, 0xfffb}], 0x1) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040)=[0x0]) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040)=[0x6, 0x81]) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=0x0) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x2, r3, 0x0, 0x0, 0xffffffffffffffff}, 0x9, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfff}) semop(r1, &(0x7f0000000040)=[{0x3, 0x1, 0x1800}, {0x1, 0x20, 0x800}, {0xb592ef9f85c2b072}, {0x2, 0x5}, {0x1, 0x7}, {0x4, 0x9, 0x1000}, {0x0, 0x5, 0x1800}, {0x0, 0xfff6}], 0x8) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r8}, [@IFA_ADDRESS={0x14, 0x1, @loopback}]}, 0x2c}}, 0x0) [ 499.765070][T13314] not chained 340000 origins [ 499.769822][T13314] CPU: 0 PID: 13314 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 499.778496][T13314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.788641][T13314] Call Trace: [ 499.791952][T13314] dump_stack+0x1df/0x240 [ 499.796298][T13314] kmsan_internal_chain_origin+0x6f/0x130 [ 499.802032][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 499.807154][T13314] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 499.813241][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 499.818552][T13314] ? kmsan_get_metadata+0x11d/0x180 [ 499.823765][T13314] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 499.829598][T13314] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 499.835688][T13314] ? kfree+0x61/0x30f0 [ 499.839770][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 499.844891][T13314] ? kmsan_set_origin_checked+0x95/0xf0 [ 499.850436][T13314] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 499.856501][T13314] ? _copy_from_user+0x15b/0x260 [ 499.861427][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 499.866526][T13314] __msan_chain_origin+0x50/0x90 [ 499.871456][T13314] do_recvmmsg+0x105a/0x1ee0 [ 499.876060][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 499.881349][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 499.886358][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 499.891370][T13314] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 499.897692][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 499.903146][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 499.908072][T13314] do_syscall_64+0xb0/0x150 [ 499.912699][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 499.918581][T13314] RIP: 0033:0x45c1d9 [ 499.922544][T13314] Code: Bad RIP value. [ 499.926595][T13314] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 499.934990][T13314] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 499.943121][T13314] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 499.951083][T13314] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 499.959125][T13314] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 499.967257][T13314] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 499.975224][T13314] Uninit was stored to memory at: [ 499.980241][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 499.985959][T13314] __msan_chain_origin+0x50/0x90 [ 499.990887][T13314] do_recvmmsg+0x105a/0x1ee0 [ 499.995475][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.000415][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.005261][T13314] do_syscall_64+0xb0/0x150 [ 500.009767][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.015806][T13314] [ 500.018117][T13314] Uninit was stored to memory at: [ 500.023421][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.029354][T13314] __msan_chain_origin+0x50/0x90 [ 500.035614][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.040284][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.045500][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.050438][T13314] do_syscall_64+0xb0/0x150 [ 500.054950][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.061000][T13314] [ 500.063321][T13314] Uninit was stored to memory at: [ 500.068339][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.074045][T13314] __msan_chain_origin+0x50/0x90 [ 500.078969][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.085477][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.090408][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.095251][T13314] do_syscall_64+0xb0/0x150 [ 500.099901][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.105778][T13314] [ 500.108095][T13314] Uninit was stored to memory at: [ 500.113114][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.118817][T13314] __msan_chain_origin+0x50/0x90 [ 500.123742][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.128315][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.133235][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.138088][T13314] do_syscall_64+0xb0/0x150 [ 500.142678][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.148550][T13314] [ 500.150863][T13314] Uninit was stored to memory at: [ 500.155892][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.161719][T13314] __msan_chain_origin+0x50/0x90 [ 500.166657][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.171246][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.176177][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.181017][T13314] do_syscall_64+0xb0/0x150 [ 500.185515][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.191385][T13314] [ 500.193704][T13314] Uninit was stored to memory at: [ 500.198713][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.204418][T13314] __msan_chain_origin+0x50/0x90 [ 500.209344][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.213918][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 500.218838][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.223675][T13314] do_syscall_64+0xb0/0x150 [ 500.228160][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.236631][T13314] [ 500.238941][T13314] Uninit was stored to memory at: [ 500.243960][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 500.249670][T13314] __msan_chain_origin+0x50/0x90 [ 500.254686][T13314] do_recvmmsg+0x105a/0x1ee0 [ 500.259270][T13314] __se_sys_recvmmsg+0x1d1/0x350 05:27:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) [ 500.264457][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 500.269377][T13314] do_syscall_64+0xb0/0x150 [ 500.273866][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 500.279734][T13314] [ 500.282072][T13314] Local variable ----msg_sys@do_recvmmsg created at: [ 500.288992][T13314] do_recvmmsg+0xc5/0x1ee0 [ 500.293483][T13314] do_recvmmsg+0xc5/0x1ee0 05:27:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 500.417795][T13326] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 500.984839][T13314] not chained 350000 origins [ 500.989464][T13314] CPU: 1 PID: 13314 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 500.998153][T13314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.008305][T13314] Call Trace: [ 501.011874][T13314] dump_stack+0x1df/0x240 [ 501.016586][T13314] kmsan_internal_chain_origin+0x6f/0x130 [ 501.022329][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 501.027447][T13314] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 501.033449][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 501.038747][T13314] ? kmsan_get_metadata+0x11d/0x180 [ 501.043971][T13314] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 501.049797][T13314] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 501.055961][T13314] ? kfree+0x61/0x30f0 [ 501.060044][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 501.065290][T13314] ? kmsan_set_origin_checked+0x95/0xf0 [ 501.070859][T13314] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 501.076943][T13314] ? _copy_from_user+0x15b/0x260 [ 501.081894][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 501.087022][T13314] __msan_chain_origin+0x50/0x90 [ 501.092144][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.096795][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 501.102105][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 501.107140][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 501.112178][T13314] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 501.118225][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.123198][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.128071][T13314] do_syscall_64+0xb0/0x150 [ 501.132596][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.138498][T13314] RIP: 0033:0x45c1d9 [ 501.142385][T13314] Code: Bad RIP value. [ 501.146448][T13314] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 501.154873][T13314] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 501.162850][T13314] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 501.170827][T13314] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 501.178830][T13314] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 501.186951][T13314] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 501.194949][T13314] Uninit was stored to memory at: [ 501.199994][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.205721][T13314] __msan_chain_origin+0x50/0x90 [ 501.210667][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.215264][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.220215][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.225088][T13314] do_syscall_64+0xb0/0x150 [ 501.229623][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.235509][T13314] [ 501.237841][T13314] Uninit was stored to memory at: [ 501.242873][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.248594][T13314] __msan_chain_origin+0x50/0x90 [ 501.253549][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.258148][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.263093][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.267946][T13314] do_syscall_64+0xb0/0x150 [ 501.272456][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.278369][T13314] [ 501.280692][T13314] Uninit was stored to memory at: [ 501.285724][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.291453][T13314] __msan_chain_origin+0x50/0x90 [ 501.296757][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.301352][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.307299][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.312157][T13314] do_syscall_64+0xb0/0x150 [ 501.316666][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.322644][T13314] [ 501.324970][T13314] Uninit was stored to memory at: [ 501.330001][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.335724][T13314] __msan_chain_origin+0x50/0x90 [ 501.340665][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.345283][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.350236][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.355216][T13314] do_syscall_64+0xb0/0x150 [ 501.359952][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.366017][T13314] [ 501.368343][T13314] Uninit was stored to memory at: [ 501.373379][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.379108][T13314] __msan_chain_origin+0x50/0x90 [ 501.384076][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.388759][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.393705][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.398570][T13314] do_syscall_64+0xb0/0x150 [ 501.403085][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.408972][T13314] [ 501.411298][T13314] Uninit was stored to memory at: [ 501.416341][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.422164][T13314] __msan_chain_origin+0x50/0x90 [ 501.427112][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.431711][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.436656][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.441530][T13314] do_syscall_64+0xb0/0x150 [ 501.446041][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.452244][T13314] [ 501.454567][T13314] Uninit was stored to memory at: [ 501.459722][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 501.465454][T13314] __msan_chain_origin+0x50/0x90 [ 501.470411][T13314] do_recvmmsg+0x105a/0x1ee0 [ 501.475014][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 501.480064][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 501.484930][T13314] do_syscall_64+0xb0/0x150 [ 501.489453][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 501.495341][T13314] [ 501.497789][T13314] Local variable ----msg_sys@do_recvmmsg created at: [ 501.504482][T13314] do_recvmmsg+0xc5/0x1ee0 [ 501.508915][T13314] do_recvmmsg+0xc5/0x1ee0 [ 502.421351][T13314] not chained 360000 origins [ 502.425998][T13314] CPU: 1 PID: 13314 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 502.434678][T13314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.444737][T13314] Call Trace: [ 502.448043][T13314] dump_stack+0x1df/0x240 [ 502.452473][T13314] kmsan_internal_chain_origin+0x6f/0x130 [ 502.458197][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 502.463328][T13314] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 502.469355][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 502.474657][T13314] ? kmsan_get_metadata+0x11d/0x180 [ 502.479858][T13314] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 502.485669][T13314] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 502.491740][T13314] ? kfree+0x61/0x30f0 [ 502.495860][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 502.500972][T13314] ? kmsan_set_origin_checked+0x95/0xf0 [ 502.506526][T13314] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 502.512599][T13314] ? _copy_from_user+0x15b/0x260 [ 502.517537][T13314] ? kmsan_get_metadata+0x4f/0x180 [ 502.522656][T13314] __msan_chain_origin+0x50/0x90 [ 502.527601][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.532228][T13314] ? __msan_poison_alloca+0xf0/0x120 [ 502.537523][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 502.542641][T13314] ? __se_sys_recvmmsg+0xac/0x350 [ 502.547752][T13314] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 502.553655][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.558723][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.564531][T13314] do_syscall_64+0xb0/0x150 [ 502.569756][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.575655][T13314] RIP: 0033:0x45c1d9 [ 502.579806][T13314] Code: Bad RIP value. [ 502.583952][T13314] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 502.592366][T13314] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 502.600334][T13314] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 502.608305][T13314] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 502.616273][T13314] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 502.624240][T13314] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 502.632220][T13314] Uninit was stored to memory at: [ 502.637259][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.642991][T13314] __msan_chain_origin+0x50/0x90 [ 502.647962][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.652563][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.657501][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.662960][T13314] do_syscall_64+0xb0/0x150 [ 502.667491][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.673465][T13314] [ 502.675785][T13314] Uninit was stored to memory at: [ 502.680813][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.686543][T13314] __msan_chain_origin+0x50/0x90 [ 502.691497][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.696177][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.701113][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.705963][T13314] do_syscall_64+0xb0/0x150 [ 502.710469][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.716352][T13314] [ 502.718670][T13314] Uninit was stored to memory at: [ 502.723713][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.729442][T13314] __msan_chain_origin+0x50/0x90 [ 502.734393][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.738988][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.744113][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.748971][T13314] do_syscall_64+0xb0/0x150 [ 502.753606][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.760014][T13314] [ 502.762750][T13314] Uninit was stored to memory at: [ 502.767797][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.773527][T13314] __msan_chain_origin+0x50/0x90 [ 502.778494][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.783094][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.788031][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.792897][T13314] do_syscall_64+0xb0/0x150 [ 502.797408][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.803323][T13314] [ 502.805675][T13314] Uninit was stored to memory at: [ 502.810703][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.816420][T13314] __msan_chain_origin+0x50/0x90 [ 502.821356][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.825947][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.830889][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.835741][T13314] do_syscall_64+0xb0/0x150 [ 502.840247][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.846133][T13314] [ 502.848453][T13314] Uninit was stored to memory at: [ 502.853526][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.859248][T13314] __msan_chain_origin+0x50/0x90 [ 502.864198][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.868792][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.873739][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.878591][T13314] do_syscall_64+0xb0/0x150 [ 502.883097][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.890971][T13314] [ 502.893289][T13314] Uninit was stored to memory at: [ 502.898313][T13314] kmsan_internal_chain_origin+0xad/0x130 [ 502.904030][T13314] __msan_chain_origin+0x50/0x90 [ 502.908965][T13314] do_recvmmsg+0x105a/0x1ee0 [ 502.913564][T13314] __se_sys_recvmmsg+0x1d1/0x350 [ 502.918497][T13314] __x64_sys_recvmmsg+0x62/0x80 [ 502.923347][T13314] do_syscall_64+0xb0/0x150 [ 502.927863][T13314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 502.933752][T13314] [ 502.936077][T13314] Local variable ----msg_sys@do_recvmmsg created at: [ 502.942752][T13314] do_recvmmsg+0xc5/0x1ee0 [ 502.947172][T13314] do_recvmmsg+0xc5/0x1ee0 05:27:25 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:25 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, 0x0, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:25 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) dup2(0xffffffffffffffff, r5) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r6, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r6) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) getsockname$packet(r9, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r10}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000040)={'syztnl1\x00', r10, 0x4, 0x80, 0x0, 0xff80000, 0x40, @local, @loopback, 0x10, 0x7800, 0x4, 0xf302}}) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r11}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 503.239856][T13354] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0x0, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:25 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 503.677378][T13363] not chained 370000 origins [ 503.682007][T13363] CPU: 1 PID: 13363 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 503.690661][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.700705][T13363] Call Trace: [ 503.703990][T13363] dump_stack+0x1df/0x240 [ 503.708315][T13363] kmsan_internal_chain_origin+0x6f/0x130 [ 503.714043][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 503.719148][T13363] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 503.725030][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 503.730306][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 503.735495][T13363] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 503.741373][T13363] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 503.748325][T13363] ? kfree+0x61/0x30f0 [ 503.752396][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 503.757496][T13363] ? kmsan_set_origin_checked+0x95/0xf0 [ 503.763029][T13363] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 503.769086][T13363] ? _copy_from_user+0x15b/0x260 [ 503.774034][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 503.779317][T13363] __msan_chain_origin+0x50/0x90 [ 503.784261][T13363] do_recvmmsg+0x105a/0x1ee0 [ 503.788878][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 503.794178][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 503.799231][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 503.804251][T13363] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 503.810147][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 503.815085][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 503.819928][T13363] do_syscall_64+0xb0/0x150 [ 503.824444][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 503.830320][T13363] RIP: 0033:0x45c1d9 [ 503.834199][T13363] Code: Bad RIP value. [ 503.838249][T13363] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 503.846648][T13363] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 503.854622][T13363] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 503.862599][T13363] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 503.870564][T13363] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 503.878528][T13363] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 503.886493][T13363] Uninit was stored to memory at: [ 503.891511][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 503.897231][T13363] __msan_chain_origin+0x50/0x90 [ 503.902160][T13363] do_recvmmsg+0x105a/0x1ee0 [ 503.906736][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 503.911659][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 503.916501][T13363] do_syscall_64+0xb0/0x150 [ 503.920991][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 503.926859][T13363] [ 503.929203][T13363] Uninit was stored to memory at: [ 503.934214][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 503.939914][T13363] __msan_chain_origin+0x50/0x90 [ 503.944840][T13363] do_recvmmsg+0x105a/0x1ee0 [ 503.949421][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 503.954348][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 503.959203][T13363] do_syscall_64+0xb0/0x150 [ 503.963692][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 503.969560][T13363] [ 503.971870][T13363] Uninit was stored to memory at: [ 503.976880][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 503.982582][T13363] __msan_chain_origin+0x50/0x90 [ 503.987615][T13363] do_recvmmsg+0x105a/0x1ee0 [ 503.992204][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 503.997131][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 504.001985][T13363] do_syscall_64+0xb0/0x150 [ 504.006487][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.012362][T13363] [ 504.014697][T13363] Uninit was stored to memory at: [ 504.019742][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 504.025471][T13363] __msan_chain_origin+0x50/0x90 [ 504.030398][T13363] do_recvmmsg+0x105a/0x1ee0 [ 504.035343][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 504.040284][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 504.045141][T13363] do_syscall_64+0xb0/0x150 [ 504.049682][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.055702][T13363] [ 504.058021][T13363] Uninit was stored to memory at: [ 504.063038][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 504.068742][T13363] __msan_chain_origin+0x50/0x90 [ 504.073666][T13363] do_recvmmsg+0x105a/0x1ee0 [ 504.078242][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 504.083167][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 504.088114][T13363] do_syscall_64+0xb0/0x150 [ 504.092606][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.098506][T13363] [ 504.100826][T13363] Uninit was stored to memory at: [ 504.105854][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 504.111804][T13363] __msan_chain_origin+0x50/0x90 [ 504.116743][T13363] do_recvmmsg+0x105a/0x1ee0 [ 504.121327][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 504.126254][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 504.131116][T13363] do_syscall_64+0xb0/0x150 [ 504.135617][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.141499][T13363] [ 504.143817][T13363] Uninit was stored to memory at: [ 504.148836][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 504.154544][T13363] __msan_chain_origin+0x50/0x90 [ 504.159478][T13363] do_recvmmsg+0x105a/0x1ee0 [ 504.164055][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 504.169003][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 504.173841][T13363] do_syscall_64+0xb0/0x150 [ 504.178335][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 504.184202][T13363] [ 504.186600][T13363] Local variable ----msg_sys@do_recvmmsg created at: [ 504.193276][T13363] do_recvmmsg+0xc5/0x1ee0 [ 504.197682][T13363] do_recvmmsg+0xc5/0x1ee0 05:27:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r5, @ANYBLOB="14000100fc020000000000000000000000000000597493e1da2b9d49d59fc046dd39b60af657b9b325ae89"], 0x2c}}, 0x0) 05:27:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:26 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0x0, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) [ 505.019388][T13363] not chained 380000 origins [ 505.024110][T13363] CPU: 0 PID: 13363 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 505.032786][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.042839][T13363] Call Trace: [ 505.046133][T13363] dump_stack+0x1df/0x240 [ 505.050467][T13363] kmsan_internal_chain_origin+0x6f/0x130 [ 505.056190][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 505.061307][T13363] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 505.067225][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 505.072525][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 505.077821][T13363] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 505.083645][T13363] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 505.089899][T13363] ? kfree+0x61/0x30f0 [ 505.093986][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 505.099105][T13363] ? kmsan_set_origin_checked+0x95/0xf0 [ 505.104674][T13363] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 505.110774][T13363] ? _copy_from_user+0x15b/0x260 [ 505.115809][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 505.120930][T13363] __msan_chain_origin+0x50/0x90 [ 505.125910][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.130539][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 505.135829][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 505.140895][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 505.145924][T13363] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 505.151824][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.156874][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.161730][T13363] do_syscall_64+0xb0/0x150 [ 505.166240][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.172214][T13363] RIP: 0033:0x45c1d9 [ 505.176095][T13363] Code: Bad RIP value. [ 505.180878][T13363] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 505.189295][T13363] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 505.197617][T13363] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 505.205590][T13363] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 505.213565][T13363] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 505.221657][T13363] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 505.229642][T13363] Uninit was stored to memory at: [ 505.234690][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.240412][T13363] __msan_chain_origin+0x50/0x90 [ 505.245456][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.250044][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.254974][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.259842][T13363] do_syscall_64+0xb0/0x150 [ 505.264340][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.270219][T13363] [ 505.272537][T13363] Uninit was stored to memory at: [ 505.277563][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.283363][T13363] __msan_chain_origin+0x50/0x90 [ 505.288319][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.293251][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.298183][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.303038][T13363] do_syscall_64+0xb0/0x150 [ 505.307539][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.313415][T13363] [ 505.315915][T13363] Uninit was stored to memory at: [ 505.320945][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.326658][T13363] __msan_chain_origin+0x50/0x90 [ 505.331589][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.336167][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.341093][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.345933][T13363] do_syscall_64+0xb0/0x150 [ 505.350425][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.356294][T13363] [ 505.358613][T13363] Uninit was stored to memory at: [ 505.363640][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.369369][T13363] __msan_chain_origin+0x50/0x90 [ 505.374303][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.378892][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.383816][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.389435][T13363] do_syscall_64+0xb0/0x150 [ 505.393930][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.399973][T13363] [ 505.402285][T13363] Uninit was stored to memory at: [ 505.407328][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.413214][T13363] __msan_chain_origin+0x50/0x90 [ 505.418315][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.422893][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.427819][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.432662][T13363] do_syscall_64+0xb0/0x150 [ 505.437158][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.443215][T13363] [ 505.445544][T13363] Uninit was stored to memory at: [ 505.450584][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.456295][T13363] __msan_chain_origin+0x50/0x90 [ 505.461239][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.465816][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.470743][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.475579][T13363] do_syscall_64+0xb0/0x150 [ 505.480070][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.486041][T13363] [ 505.488351][T13363] Uninit was stored to memory at: [ 505.493361][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 505.499063][T13363] __msan_chain_origin+0x50/0x90 [ 505.503987][T13363] do_recvmmsg+0x105a/0x1ee0 [ 505.508564][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 505.513485][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 505.518340][T13363] do_syscall_64+0xb0/0x150 [ 505.522841][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 505.528710][T13363] [ 505.531023][T13363] Local variable ----msg_sys@do_recvmmsg created at: [ 505.537696][T13363] do_recvmmsg+0xc5/0x1ee0 [ 505.542102][T13363] do_recvmmsg+0xc5/0x1ee0 [ 505.834637][T13383] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 506.884450][T13363] not chained 390000 origins [ 506.889166][T13363] CPU: 0 PID: 13363 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 506.897881][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.907936][T13363] Call Trace: [ 506.911232][T13363] dump_stack+0x1df/0x240 [ 506.915571][T13363] kmsan_internal_chain_origin+0x6f/0x130 [ 506.921293][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 506.926408][T13363] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 506.932306][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 506.937596][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 506.942853][T13363] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 506.948710][T13363] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 506.954798][T13363] ? kfree+0x61/0x30f0 [ 506.958907][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 506.964024][T13363] ? kmsan_set_origin_checked+0x95/0xf0 [ 506.969759][T13363] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 506.975839][T13363] ? _copy_from_user+0x15b/0x260 [ 506.980779][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 506.985897][T13363] __msan_chain_origin+0x50/0x90 [ 506.990841][T13363] do_recvmmsg+0x105a/0x1ee0 [ 506.995463][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 507.000756][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 507.005857][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 507.010889][T13363] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 507.016799][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.021749][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.026608][T13363] do_syscall_64+0xb0/0x150 [ 507.031123][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.037014][T13363] RIP: 0033:0x45c1d9 [ 507.040896][T13363] Code: Bad RIP value. [ 507.044989][T13363] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 507.053400][T13363] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 507.061373][T13363] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 507.069342][T13363] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 507.077331][T13363] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 507.085308][T13363] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 507.093292][T13363] Uninit was stored to memory at: [ 507.098323][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.104039][T13363] __msan_chain_origin+0x50/0x90 [ 507.108979][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.113576][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.118524][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.123380][T13363] do_syscall_64+0xb0/0x150 [ 507.127889][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.133770][T13363] [ 507.136089][T13363] Uninit was stored to memory at: [ 507.141119][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.146833][T13363] __msan_chain_origin+0x50/0x90 [ 507.151872][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.156461][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.161395][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.166245][T13363] do_syscall_64+0xb0/0x150 [ 507.170757][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.176641][T13363] [ 507.178964][T13363] Uninit was stored to memory at: [ 507.183995][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.189714][T13363] __msan_chain_origin+0x50/0x90 [ 507.194683][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.199280][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.204222][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.210045][T13363] do_syscall_64+0xb0/0x150 [ 507.214560][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.220443][T13363] [ 507.222765][T13363] Uninit was stored to memory at: [ 507.227794][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.233517][T13363] __msan_chain_origin+0x50/0x90 [ 507.238478][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.243068][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.248004][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.252878][T13363] do_syscall_64+0xb0/0x150 [ 507.257411][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.263290][T13363] [ 507.265608][T13363] Uninit was stored to memory at: [ 507.270634][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.276353][T13363] __msan_chain_origin+0x50/0x90 [ 507.281297][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.285889][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.290828][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.295689][T13363] do_syscall_64+0xb0/0x150 [ 507.300728][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.306615][T13363] [ 507.308938][T13363] Uninit was stored to memory at: [ 507.313971][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.319691][T13363] __msan_chain_origin+0x50/0x90 [ 507.324632][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.329220][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.334161][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.339012][T13363] do_syscall_64+0xb0/0x150 [ 507.343521][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.349502][T13363] [ 507.351825][T13363] Uninit was stored to memory at: [ 507.356871][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.362591][T13363] __msan_chain_origin+0x50/0x90 [ 507.367531][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.372295][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.377232][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.382081][T13363] do_syscall_64+0xb0/0x150 [ 507.386584][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.392463][T13363] [ 507.394784][T13363] Local variable ----msg_sys@do_recvmmsg created at: [ 507.401526][T13363] do_recvmmsg+0xc5/0x1ee0 [ 507.406049][T13363] do_recvmmsg+0xc5/0x1ee0 [ 507.563773][T13363] not chained 400000 origins [ 507.568404][T13363] CPU: 0 PID: 13363 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 507.577072][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.587128][T13363] Call Trace: [ 507.590421][T13363] dump_stack+0x1df/0x240 [ 507.594759][T13363] kmsan_internal_chain_origin+0x6f/0x130 [ 507.600485][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 507.605601][T13363] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 507.611498][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 507.617398][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 507.622600][T13363] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 507.628416][T13363] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 507.634487][T13363] ? kfree+0x61/0x30f0 [ 507.638563][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 507.643687][T13363] ? kmsan_set_origin_checked+0x95/0xf0 [ 507.649245][T13363] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 507.655328][T13363] ? _copy_from_user+0x15b/0x260 [ 507.660272][T13363] ? kmsan_get_metadata+0x4f/0x180 [ 507.665389][T13363] __msan_chain_origin+0x50/0x90 [ 507.670473][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.675111][T13363] ? __msan_poison_alloca+0xf0/0x120 [ 507.680404][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 507.685434][T13363] ? __se_sys_recvmmsg+0xac/0x350 [ 507.690461][T13363] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 507.696359][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.701310][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.706161][T13363] do_syscall_64+0xb0/0x150 [ 507.710680][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.716565][T13363] RIP: 0033:0x45c1d9 [ 507.720445][T13363] Code: Bad RIP value. [ 507.724508][T13363] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 507.732924][T13363] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 507.740893][T13363] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 507.748865][T13363] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 507.756834][T13363] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 507.764802][T13363] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 507.772783][T13363] Uninit was stored to memory at: [ 507.777986][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.784156][T13363] __msan_chain_origin+0x50/0x90 [ 507.789129][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.793807][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.798744][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.803694][T13363] do_syscall_64+0xb0/0x150 [ 507.808287][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.814167][T13363] [ 507.816486][T13363] Uninit was stored to memory at: [ 507.821599][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.827316][T13363] __msan_chain_origin+0x50/0x90 [ 507.832253][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.836850][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.841832][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.846677][T13363] do_syscall_64+0xb0/0x150 [ 507.851272][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.857269][T13363] [ 507.859592][T13363] Uninit was stored to memory at: [ 507.864883][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.871310][T13363] __msan_chain_origin+0x50/0x90 [ 507.876246][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.881007][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.885943][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.890794][T13363] do_syscall_64+0xb0/0x150 [ 507.895307][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.901185][T13363] [ 507.903499][T13363] Uninit was stored to memory at: [ 507.908521][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.914240][T13363] __msan_chain_origin+0x50/0x90 [ 507.919176][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.923765][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.928722][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.933584][T13363] do_syscall_64+0xb0/0x150 [ 507.938093][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.943997][T13363] [ 507.946323][T13363] Uninit was stored to memory at: [ 507.951793][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 507.957519][T13363] __msan_chain_origin+0x50/0x90 [ 507.962469][T13363] do_recvmmsg+0x105a/0x1ee0 [ 507.967065][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 507.972125][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 507.977065][T13363] do_syscall_64+0xb0/0x150 [ 507.981582][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 507.987459][T13363] [ 507.989868][T13363] Uninit was stored to memory at: [ 507.994986][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 508.000704][T13363] __msan_chain_origin+0x50/0x90 [ 508.005641][T13363] do_recvmmsg+0x105a/0x1ee0 [ 508.010228][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 508.015174][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 508.020025][T13363] do_syscall_64+0xb0/0x150 [ 508.024537][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 508.030418][T13363] [ 508.032743][T13363] Uninit was stored to memory at: [ 508.037774][T13363] kmsan_internal_chain_origin+0xad/0x130 [ 508.043662][T13363] __msan_chain_origin+0x50/0x90 [ 508.048595][T13363] do_recvmmsg+0x105a/0x1ee0 [ 508.053194][T13363] __se_sys_recvmmsg+0x1d1/0x350 [ 508.058136][T13363] __x64_sys_recvmmsg+0x62/0x80 [ 508.062995][T13363] do_syscall_64+0xb0/0x150 [ 508.067502][T13363] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 508.073383][T13363] [ 508.075706][T13363] Local variable ----msg_sys@do_recvmmsg created at: [ 508.082386][T13363] do_recvmmsg+0xc5/0x1ee0 [ 508.086803][T13363] do_recvmmsg+0xc5/0x1ee0 05:27:30 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:30 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x20, r1, 0x0, 0x0, 0x0, {0x5}, [@NL80211_ATTR_WDEV={0xc}]}, 0x20}}, 0x0) 05:27:30 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:30 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r3, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r3) bind$isdn_base(r3, &(0x7f0000000240)={0x22, 0x2, 0x1f, 0x20}, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f66696c65300a0f5d24e136d7b3d1f3fd6aee99a6b026fdc9427ab7e63dffa820865b629e856d57b9ec702c7276de0fbbd5d250fdb58f797d61ece0b1def6b030b5b98330ecb7b804f7617f1b29335430f6dd9ea78152a2891f"], 0xb) close(r5) ioctl$sock_inet_SIOCGIFDSTADDR(r5, 0x8917, &(0x7f0000000080)={'veth1_macvtap\x00', {0x2, 0x4e22, @broadcast}}) r6 = dup(r4) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000040)) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@getrule={0x14, 0x22, 0x8, 0x70bd27, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x44088}, 0x0) 05:27:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 508.299558][T13399] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:30 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:30 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) [ 508.825963][T13418] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:31 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) [ 509.223654][T13409] not chained 410000 origins [ 509.228310][T13409] CPU: 1 PID: 13409 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 509.237241][T13409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.247400][T13409] Call Trace: [ 509.250806][T13409] dump_stack+0x1df/0x240 [ 509.255151][T13409] kmsan_internal_chain_origin+0x6f/0x130 [ 509.260886][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 509.266051][T13409] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 509.271958][T13409] ? __msan_poison_alloca+0xf0/0x120 [ 509.277259][T13409] ? kmsan_get_metadata+0x11d/0x180 [ 509.282474][T13409] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 509.288288][T13409] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 509.294352][T13409] ? kfree+0x61/0x30f0 [ 509.298414][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 509.303514][T13409] ? kmsan_set_origin_checked+0x95/0xf0 [ 509.309050][T13409] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 509.315199][T13409] ? _copy_from_user+0x15b/0x260 [ 509.320223][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 509.325321][T13409] __msan_chain_origin+0x50/0x90 [ 509.330259][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.334865][T13409] ? __msan_poison_alloca+0xf0/0x120 [ 509.340217][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 509.345242][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 509.350344][T13409] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 509.356244][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.361353][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.366197][T13409] do_syscall_64+0xb0/0x150 [ 509.370693][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.376571][T13409] RIP: 0033:0x45c1d9 [ 509.380445][T13409] Code: Bad RIP value. [ 509.384501][T13409] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 509.392899][T13409] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 509.401033][T13409] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 509.409096][T13409] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 509.417065][T13409] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 509.425111][T13409] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 509.433078][T13409] Uninit was stored to memory at: [ 509.438092][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.443800][T13409] __msan_chain_origin+0x50/0x90 [ 509.448725][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.453319][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.458251][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.463088][T13409] do_syscall_64+0xb0/0x150 [ 509.467576][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.473444][T13409] [ 509.475755][T13409] Uninit was stored to memory at: [ 509.480787][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.486495][T13409] __msan_chain_origin+0x50/0x90 [ 509.491419][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.495993][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.500921][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.505759][T13409] do_syscall_64+0xb0/0x150 [ 509.510248][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.516121][T13409] [ 509.518430][T13409] Uninit was stored to memory at: [ 509.523442][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.529146][T13409] __msan_chain_origin+0x50/0x90 [ 509.534072][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.538649][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.543573][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.548426][T13409] do_syscall_64+0xb0/0x150 [ 509.552934][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.558815][T13409] [ 509.561132][T13409] Uninit was stored to memory at: [ 509.566155][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.571863][T13409] __msan_chain_origin+0x50/0x90 [ 509.576801][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.581376][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.586299][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.591137][T13409] do_syscall_64+0xb0/0x150 [ 509.595627][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.601497][T13409] [ 509.603806][T13409] Uninit was stored to memory at: [ 509.608843][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.614604][T13409] __msan_chain_origin+0x50/0x90 [ 509.619623][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.624208][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.629131][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.633980][T13409] do_syscall_64+0xb0/0x150 [ 509.638567][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.644784][T13409] [ 509.647096][T13409] Uninit was stored to memory at: [ 509.652108][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.657821][T13409] __msan_chain_origin+0x50/0x90 [ 509.662742][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.667321][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.672247][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.677094][T13409] do_syscall_64+0xb0/0x150 [ 509.681583][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.687453][T13409] [ 509.689763][T13409] Uninit was stored to memory at: [ 509.694774][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 509.700479][T13409] __msan_chain_origin+0x50/0x90 [ 509.705402][T13409] do_recvmmsg+0x105a/0x1ee0 [ 509.709978][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 509.714900][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 509.719755][T13409] do_syscall_64+0xb0/0x150 [ 509.724245][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.730113][T13409] [ 509.732427][T13409] Local variable ----msg_sys@do_recvmmsg created at: [ 509.739088][T13409] do_recvmmsg+0xc5/0x1ee0 [ 509.743489][T13409] do_recvmmsg+0xc5/0x1ee0 [ 511.229959][T13409] not chained 420000 origins [ 511.234590][T13409] CPU: 0 PID: 13409 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 511.243259][T13409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.253321][T13409] Call Trace: [ 511.256628][T13409] dump_stack+0x1df/0x240 [ 511.260982][T13409] kmsan_internal_chain_origin+0x6f/0x130 [ 511.266727][T13409] ? __msan_get_context_state+0x9/0x20 [ 511.272200][T13409] ? idtentry_exit_cond_rcu+0x12/0x50 [ 511.277579][T13409] ? __exc_page_fault+0xf6/0x390 [ 511.282524][T13409] ? exc_page_fault+0x45/0x50 [ 511.287216][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 511.292340][T13409] ? kmsan_set_origin_checked+0x95/0xf0 [ 511.297898][T13409] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 511.303977][T13409] ? _copy_from_user+0x15b/0x260 [ 511.308932][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 511.314061][T13409] __msan_chain_origin+0x50/0x90 [ 511.319014][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.323651][T13409] ? __msan_poison_alloca+0xf0/0x120 [ 511.329915][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 511.334950][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 511.340073][T13409] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 511.346009][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.350990][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.355859][T13409] do_syscall_64+0xb0/0x150 [ 511.360735][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.366639][T13409] RIP: 0033:0x45c1d9 [ 511.370531][T13409] Code: Bad RIP value. [ 511.374600][T13409] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 511.383194][T13409] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 511.391305][T13409] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 511.399337][T13409] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 511.407317][T13409] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 511.415314][T13409] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 511.423308][T13409] Uninit was stored to memory at: [ 511.428349][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.434079][T13409] __msan_chain_origin+0x50/0x90 [ 511.439030][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.443632][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.448589][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.453452][T13409] do_syscall_64+0xb0/0x150 [ 511.458065][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.463955][T13409] [ 511.466893][T13409] Uninit was stored to memory at: [ 511.471934][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.477669][T13409] __msan_chain_origin+0x50/0x90 [ 511.482616][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.487220][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.492170][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.497037][T13409] do_syscall_64+0xb0/0x150 [ 511.502072][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.507963][T13409] [ 511.510294][T13409] Uninit was stored to memory at: [ 511.516023][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.521765][T13409] __msan_chain_origin+0x50/0x90 [ 511.526706][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.531306][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.536250][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.541115][T13409] do_syscall_64+0xb0/0x150 [ 511.545629][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.551603][T13409] [ 511.554025][T13409] Uninit was stored to memory at: [ 511.559068][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.564793][T13409] __msan_chain_origin+0x50/0x90 [ 511.569757][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.574443][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.579392][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.584252][T13409] do_syscall_64+0xb0/0x150 [ 511.588763][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.594651][T13409] [ 511.596984][T13409] Uninit was stored to memory at: [ 511.602105][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.607922][T13409] __msan_chain_origin+0x50/0x90 [ 511.612878][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.617483][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.622430][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.627285][T13409] do_syscall_64+0xb0/0x150 [ 511.631798][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.637685][T13409] [ 511.640008][T13409] Uninit was stored to memory at: [ 511.645044][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.650766][T13409] __msan_chain_origin+0x50/0x90 [ 511.655811][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.660405][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.665352][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.670216][T13409] do_syscall_64+0xb0/0x150 [ 511.674734][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.680614][T13409] [ 511.684155][T13409] Uninit was stored to memory at: [ 511.689191][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 511.694921][T13409] __msan_chain_origin+0x50/0x90 [ 511.699871][T13409] do_recvmmsg+0x105a/0x1ee0 [ 511.704471][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 511.709507][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 511.714363][T13409] do_syscall_64+0xb0/0x150 [ 511.718882][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 511.724860][T13409] [ 511.727185][T13409] Local variable ----msg_sys@do_recvmmsg created at: [ 511.733962][T13409] do_recvmmsg+0xc5/0x1ee0 [ 511.738377][T13409] do_recvmmsg+0xc5/0x1ee0 [ 512.350637][T13409] not chained 430000 origins [ 512.355354][T13409] CPU: 0 PID: 13409 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 512.364077][T13409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.374252][T13409] Call Trace: [ 512.377550][T13409] dump_stack+0x1df/0x240 [ 512.382420][T13409] kmsan_internal_chain_origin+0x6f/0x130 [ 512.388157][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 512.393303][T13409] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 512.399207][T13409] ? __msan_poison_alloca+0xf0/0x120 [ 512.404505][T13409] ? kmsan_get_metadata+0x11d/0x180 [ 512.409707][T13409] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 512.415535][T13409] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 512.421604][T13409] ? kfree+0x61/0x30f0 [ 512.425681][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 512.430798][T13409] ? kmsan_set_origin_checked+0x95/0xf0 [ 512.436348][T13409] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 512.442423][T13409] ? _copy_from_user+0x15b/0x260 [ 512.447460][T13409] ? kmsan_get_metadata+0x4f/0x180 [ 512.453528][T13409] __msan_chain_origin+0x50/0x90 [ 512.458477][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.463103][T13409] ? __msan_poison_alloca+0xf0/0x120 [ 512.468395][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 512.473422][T13409] ? __se_sys_recvmmsg+0xac/0x350 [ 512.478450][T13409] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 512.484354][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.489306][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.494161][T13409] do_syscall_64+0xb0/0x150 [ 512.498673][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.504651][T13409] RIP: 0033:0x45c1d9 [ 512.508534][T13409] Code: Bad RIP value. [ 512.512598][T13409] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 512.521025][T13409] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 512.528996][T13409] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 512.536966][T13409] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 512.544936][T13409] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 512.552907][T13409] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 512.560885][T13409] Uninit was stored to memory at: [ 512.565922][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.571727][T13409] __msan_chain_origin+0x50/0x90 [ 512.576757][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.581354][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.586386][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.591244][T13409] do_syscall_64+0xb0/0x150 [ 512.596009][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.601892][T13409] [ 512.604213][T13409] Uninit was stored to memory at: [ 512.609240][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.614964][T13409] __msan_chain_origin+0x50/0x90 [ 512.619998][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.624598][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.629544][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.634400][T13409] do_syscall_64+0xb0/0x150 [ 512.638906][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.644787][T13409] [ 512.647117][T13409] Uninit was stored to memory at: [ 512.652152][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.657875][T13409] __msan_chain_origin+0x50/0x90 [ 512.662822][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.667420][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.672555][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.677413][T13409] do_syscall_64+0xb0/0x150 [ 512.682443][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.688331][T13409] [ 512.690652][T13409] Uninit was stored to memory at: [ 512.695680][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.701406][T13409] __msan_chain_origin+0x50/0x90 [ 512.706344][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.710939][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.715874][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.720721][T13409] do_syscall_64+0xb0/0x150 [ 512.725226][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.731105][T13409] [ 512.733454][T13409] Uninit was stored to memory at: [ 512.738498][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.744217][T13409] __msan_chain_origin+0x50/0x90 [ 512.749155][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.753745][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.758681][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.763542][T13409] do_syscall_64+0xb0/0x150 [ 512.768048][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.773928][T13409] [ 512.776247][T13409] Uninit was stored to memory at: [ 512.781273][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.786994][T13409] __msan_chain_origin+0x50/0x90 [ 512.791934][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.796528][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.801464][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.806593][T13409] do_syscall_64+0xb0/0x150 [ 512.811185][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.817061][T13409] [ 512.819396][T13409] Uninit was stored to memory at: [ 512.824427][T13409] kmsan_internal_chain_origin+0xad/0x130 [ 512.830144][T13409] __msan_chain_origin+0x50/0x90 [ 512.835085][T13409] do_recvmmsg+0x105a/0x1ee0 [ 512.839679][T13409] __se_sys_recvmmsg+0x1d1/0x350 [ 512.844704][T13409] __x64_sys_recvmmsg+0x62/0x80 [ 512.849556][T13409] do_syscall_64+0xb0/0x150 [ 512.854497][T13409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 512.860549][T13409] [ 512.862872][T13409] Local variable ----msg_sys@do_recvmmsg created at: [ 512.869549][T13409] do_recvmmsg+0xc5/0x1ee0 [ 512.873968][T13409] do_recvmmsg+0xc5/0x1ee0 05:27:35 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:35 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r1, 0xab9535e9a6578fc1, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 05:27:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x80000, 0x0) r4 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) dup2(r4, r5) ftruncate(r4, 0x10004) sendfile(r4, r4, 0x0, 0x18000) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r4, 0x4010641c, &(0x7f00000001c0)={r6, &(0x7f00000000c0)=""/232}) ioctl$DRM_IOCTL_LOCK(r3, 0x4008642a, &(0x7f0000000180)={r6, 0x4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) modify_ldt$write(0x1, &(0x7f0000000040)={0x6b2, 0x8000000020001800, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000081500010000be8a81000000000000", @ANYRES32=r9, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) [ 513.104529][T13448] QAT: Invalid ioctl [ 513.127333][T13452] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 513.168484][T13455] QAT: Invalid ioctl 05:27:35 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$isdn(0x22, 0x3, 0x25) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r8, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r8) ioctl$TIOCGPGRP(r8, 0x540f, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x3, 0x7, 0x200, 'syz1\x00', 0x66}, 0x3, 0x1, 0x68, r9, 0x3, 0x400, 'syz0\x00', &(0x7f0000000080)=['!\x00', '.$[#@\x00', '[(^^!\x00'], 0xe, [], [0xc000, 0x2, 0x3, 0x80]}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8020}, 0x20004004) 05:27:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r2, 0x0) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000001680)) [ 513.677449][T13466] debugfs: Directory '13466-4' with parent 'kvm' already present! [ 513.708535][T13467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:35 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 513.874821][T13456] not chained 440000 origins [ 513.879463][T13456] CPU: 0 PID: 13456 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 513.888776][T13456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.898842][T13456] Call Trace: [ 513.902152][T13456] dump_stack+0x1df/0x240 [ 513.906529][T13456] kmsan_internal_chain_origin+0x6f/0x130 [ 513.912262][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 513.917395][T13456] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 513.923306][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 513.928610][T13456] ? kmsan_get_metadata+0x11d/0x180 [ 513.933825][T13456] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 513.939760][T13456] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 513.946053][T13456] ? kfree+0x61/0x30f0 [ 513.950142][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 513.955286][T13456] ? kmsan_set_origin_checked+0x95/0xf0 [ 513.961086][T13456] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 513.967178][T13456] ? _copy_from_user+0x15b/0x260 [ 513.972220][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 513.977349][T13456] __msan_chain_origin+0x50/0x90 [ 513.982307][T13456] do_recvmmsg+0x105a/0x1ee0 [ 513.986946][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 513.992254][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 513.997296][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 514.002364][T13456] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 514.008284][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.013256][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.018225][T13456] do_syscall_64+0xb0/0x150 [ 514.022854][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.028756][T13456] RIP: 0033:0x45c1d9 [ 514.032647][T13456] Code: Bad RIP value. [ 514.036714][T13456] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 514.045135][T13456] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 514.053115][T13456] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 514.061096][T13456] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 514.069079][T13456] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 514.077048][T13456] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 514.085032][T13456] Uninit was stored to memory at: [ 514.090065][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.095805][T13456] __msan_chain_origin+0x50/0x90 [ 514.100887][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.105483][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.110417][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.115270][T13456] do_syscall_64+0xb0/0x150 [ 514.119773][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.125649][T13456] [ 514.127960][T13456] Uninit was stored to memory at: [ 514.132974][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.138687][T13456] __msan_chain_origin+0x50/0x90 [ 514.143612][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.148276][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.153225][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.158065][T13456] do_syscall_64+0xb0/0x150 [ 514.162556][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.168427][T13456] [ 514.170761][T13456] Uninit was stored to memory at: [ 514.175777][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.181489][T13456] __msan_chain_origin+0x50/0x90 [ 514.186414][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.190999][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.195924][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.200832][T13456] do_syscall_64+0xb0/0x150 [ 514.205321][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.211195][T13456] [ 514.213515][T13456] Uninit was stored to memory at: [ 514.218527][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.224230][T13456] __msan_chain_origin+0x50/0x90 [ 514.229273][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.233852][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.238778][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.243618][T13456] do_syscall_64+0xb0/0x150 [ 514.248148][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.254021][T13456] [ 514.256337][T13456] Uninit was stored to memory at: [ 514.261398][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.267276][T13456] __msan_chain_origin+0x50/0x90 [ 514.272202][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.276789][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.281712][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.286573][T13456] do_syscall_64+0xb0/0x150 [ 514.291181][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.297073][T13456] [ 514.299384][T13456] Uninit was stored to memory at: [ 514.304411][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.310129][T13456] __msan_chain_origin+0x50/0x90 [ 514.315062][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.319826][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.324755][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.329595][T13456] do_syscall_64+0xb0/0x150 [ 514.334092][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.339959][T13456] [ 514.342267][T13456] Uninit was stored to memory at: [ 514.347300][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 514.353004][T13456] __msan_chain_origin+0x50/0x90 [ 514.357927][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.362504][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 514.367443][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 514.372285][T13456] do_syscall_64+0xb0/0x150 [ 514.376778][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 514.382654][T13456] [ 514.384990][T13456] Local variable ----msg_sys@do_recvmmsg created at: [ 514.391650][T13456] do_recvmmsg+0xc5/0x1ee0 [ 514.396051][T13456] do_recvmmsg+0xc5/0x1ee0 [ 514.878255][T13456] not chained 450000 origins [ 514.882889][T13456] CPU: 1 PID: 13456 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 514.891588][T13456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.901997][T13456] Call Trace: [ 514.905305][T13456] dump_stack+0x1df/0x240 [ 514.909652][T13456] kmsan_internal_chain_origin+0x6f/0x130 [ 514.915383][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 514.920504][T13456] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 514.926405][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 514.931702][T13456] ? kmsan_get_metadata+0x11d/0x180 [ 514.936909][T13456] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 514.942726][T13456] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 514.948799][T13456] ? kfree+0x61/0x30f0 [ 514.952879][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 514.958002][T13456] ? kmsan_set_origin_checked+0x95/0xf0 [ 514.963743][T13456] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 514.970101][T13456] ? _copy_from_user+0x15b/0x260 [ 514.975070][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 514.980189][T13456] __msan_chain_origin+0x50/0x90 [ 514.985160][T13456] do_recvmmsg+0x105a/0x1ee0 [ 514.989803][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 514.995102][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 515.000235][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 515.005268][T13456] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 515.011167][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.016117][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.020971][T13456] do_syscall_64+0xb0/0x150 [ 515.025481][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.031371][T13456] RIP: 0033:0x45c1d9 [ 515.035257][T13456] Code: Bad RIP value. [ 515.039316][T13456] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 515.047729][T13456] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 515.055704][T13456] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 515.063683][T13456] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 515.071833][T13456] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 515.079815][T13456] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 515.087810][T13456] Uninit was stored to memory at: [ 515.092950][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.098685][T13456] __msan_chain_origin+0x50/0x90 [ 515.103628][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.108223][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.113161][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.118018][T13456] do_syscall_64+0xb0/0x150 [ 515.122531][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.128420][T13456] [ 515.130742][T13456] Uninit was stored to memory at: [ 515.135772][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.141494][T13456] __msan_chain_origin+0x50/0x90 [ 515.146436][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.151030][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.155967][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.160941][T13456] do_syscall_64+0xb0/0x150 [ 515.165450][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.171332][T13456] [ 515.173655][T13456] Uninit was stored to memory at: [ 515.178690][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.185019][T13456] __msan_chain_origin+0x50/0x90 [ 515.189958][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.194550][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.199488][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.204347][T13456] do_syscall_64+0xb0/0x150 [ 515.208854][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.214738][T13456] [ 515.217066][T13456] Uninit was stored to memory at: [ 515.222093][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.227856][T13456] __msan_chain_origin+0x50/0x90 [ 515.232916][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.237507][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.242444][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.247292][T13456] do_syscall_64+0xb0/0x150 [ 515.251803][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.257681][T13456] [ 515.259998][T13456] Uninit was stored to memory at: [ 515.265155][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.270882][T13456] __msan_chain_origin+0x50/0x90 [ 515.275830][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.280407][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.285330][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.290166][T13456] do_syscall_64+0xb0/0x150 [ 515.294655][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.300524][T13456] [ 515.302842][T13456] Uninit was stored to memory at: [ 515.307869][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.313592][T13456] __msan_chain_origin+0x50/0x90 [ 515.318527][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.323472][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.329278][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.334144][T13456] do_syscall_64+0xb0/0x150 [ 515.338643][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.344521][T13456] [ 515.346848][T13456] Uninit was stored to memory at: [ 515.351933][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 515.357646][T13456] __msan_chain_origin+0x50/0x90 [ 515.362577][T13456] do_recvmmsg+0x105a/0x1ee0 [ 515.367320][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 515.372283][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 515.377474][T13456] do_syscall_64+0xb0/0x150 [ 515.381969][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 515.387852][T13456] [ 515.390171][T13456] Local variable ----msg_sys@do_recvmmsg created at: [ 515.396940][T13456] do_recvmmsg+0xc5/0x1ee0 [ 515.401377][T13456] do_recvmmsg+0xc5/0x1ee0 [ 516.365776][T13456] not chained 460000 origins [ 516.370773][T13456] CPU: 0 PID: 13456 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 516.379445][T13456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 516.389502][T13456] Call Trace: [ 516.392805][T13456] dump_stack+0x1df/0x240 [ 516.398278][T13456] kmsan_internal_chain_origin+0x6f/0x130 [ 516.404004][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 516.409116][T13456] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 516.415022][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 516.420321][T13456] ? kmsan_get_metadata+0x11d/0x180 [ 516.425532][T13456] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 516.431352][T13456] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 516.437605][T13456] ? kfree+0x61/0x30f0 [ 516.441684][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 516.446809][T13456] ? kmsan_set_origin_checked+0x95/0xf0 [ 516.452370][T13456] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 516.458582][T13456] ? _copy_from_user+0x15b/0x260 [ 516.463536][T13456] ? kmsan_get_metadata+0x4f/0x180 [ 516.468637][T13456] __msan_chain_origin+0x50/0x90 [ 516.473573][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.478188][T13456] ? __msan_poison_alloca+0xf0/0x120 [ 516.483593][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 516.488613][T13456] ? __se_sys_recvmmsg+0xac/0x350 [ 516.493635][T13456] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 516.499521][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.504463][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.509307][T13456] do_syscall_64+0xb0/0x150 [ 516.513803][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.519679][T13456] RIP: 0033:0x45c1d9 [ 516.523553][T13456] Code: Bad RIP value. [ 516.527689][T13456] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 516.536200][T13456] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 516.544166][T13456] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 516.552278][T13456] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 516.560414][T13456] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 516.568915][T13456] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 516.576884][T13456] Uninit was stored to memory at: [ 516.582336][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.588040][T13456] __msan_chain_origin+0x50/0x90 [ 516.592965][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.597548][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.602568][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.607406][T13456] do_syscall_64+0xb0/0x150 [ 516.611897][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.617766][T13456] [ 516.620074][T13456] Uninit was stored to memory at: [ 516.625086][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.630905][T13456] __msan_chain_origin+0x50/0x90 [ 516.635829][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.640407][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.645332][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.650293][T13456] do_syscall_64+0xb0/0x150 [ 516.654791][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.660749][T13456] [ 516.663077][T13456] Uninit was stored to memory at: [ 516.668106][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.673822][T13456] __msan_chain_origin+0x50/0x90 [ 516.678785][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.683424][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.688371][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.693220][T13456] do_syscall_64+0xb0/0x150 [ 516.697712][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.703582][T13456] [ 516.705894][T13456] Uninit was stored to memory at: [ 516.710909][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.716616][T13456] __msan_chain_origin+0x50/0x90 [ 516.721557][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.726140][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.731081][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.735938][T13456] do_syscall_64+0xb0/0x150 [ 516.740436][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.746315][T13456] [ 516.748633][T13456] Uninit was stored to memory at: [ 516.753787][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.759503][T13456] __msan_chain_origin+0x50/0x90 [ 516.764449][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.769181][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.774223][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.779066][T13456] do_syscall_64+0xb0/0x150 [ 516.783619][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.789497][T13456] [ 516.791816][T13456] Uninit was stored to memory at: [ 516.796843][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.802661][T13456] __msan_chain_origin+0x50/0x90 [ 516.807588][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.812168][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.817091][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.821964][T13456] do_syscall_64+0xb0/0x150 [ 516.826470][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.832428][T13456] [ 516.834738][T13456] Uninit was stored to memory at: [ 516.839749][T13456] kmsan_internal_chain_origin+0xad/0x130 [ 516.845455][T13456] __msan_chain_origin+0x50/0x90 [ 516.850574][T13456] do_recvmmsg+0x105a/0x1ee0 [ 516.855159][T13456] __se_sys_recvmmsg+0x1d1/0x350 [ 516.860118][T13456] __x64_sys_recvmmsg+0x62/0x80 [ 516.864984][T13456] do_syscall_64+0xb0/0x150 [ 516.869481][T13456] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 516.875364][T13456] [ 516.877687][T13456] Local variable ----msg_sys@do_recvmmsg created at: [ 516.884479][T13456] do_recvmmsg+0xc5/0x1ee0 [ 516.888887][T13456] do_recvmmsg+0xc5/0x1ee0 05:27:39 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:39 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7}, 0x20) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={r7, 0x270c}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x73, &(0x7f0000000040)={r7, 0x401, 0x10, 0xfffffffffffffff9}, &(0x7f0000000080)=0x18) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000015000a6d0000", @ANYRES32=r8, @ANYBLOB="14000100fc0200000000000000000000000a000032b78a8455d5678283e7f91ecd404ecb8858e229868fbddb869a4f73878fcd52b461d207de7d02170dfe4c6071f557267614e0b8b2fc5b87e1063e6a84e037cb126f510dd01c1d40a0fe5cd9a0dc798773139a0c47ed8df24d35b97e1894b9989f80644ff65da9ce3e00f22feb1a8bfcbdf2fe5340102004d8f4c4bf13eed460aab35c998ee43b0b0d50f3bd719c1ee40f590dcce8fa4eb511a464554976227685394bf21311b6b6a5dd4835f80fc8e5656ff801f05e8865c6e59c25720a0a4be460c78a4f81a5e5d975343560255efba6832108"], 0x2c}}, 0x0) 05:27:39 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:39 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:39 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000bcbf3b08610803cc6b"], &(0x7f0000000340)=""/128, 0x2e, 0x80, 0x8}, 0x20) 05:27:39 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) [ 517.205748][T13509] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 517.293650][T13509] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:39 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:39 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 517.646444][T13513] not chained 470000 origins [ 517.651092][T13513] CPU: 1 PID: 13513 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 517.659768][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.669838][T13513] Call Trace: [ 517.673160][T13513] dump_stack+0x1df/0x240 [ 517.677513][T13513] kmsan_internal_chain_origin+0x6f/0x130 [ 517.683254][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 517.688388][T13513] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 517.694321][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 517.699631][T13513] ? kmsan_get_metadata+0x11d/0x180 [ 517.704853][T13513] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 517.710687][T13513] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 517.716769][T13513] ? kfree+0x61/0x30f0 [ 517.720850][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 517.725987][T13513] ? kmsan_set_origin_checked+0x95/0xf0 [ 517.732940][T13513] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 517.739028][T13513] ? _copy_from_user+0x15b/0x260 [ 517.743982][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 517.749110][T13513] __msan_chain_origin+0x50/0x90 [ 517.754054][T13513] do_recvmmsg+0x105a/0x1ee0 [ 517.758662][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 517.763942][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 517.768957][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 517.773972][T13513] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 517.779874][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 517.784828][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 517.789676][T13513] do_syscall_64+0xb0/0x150 [ 517.794176][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.800051][T13513] RIP: 0033:0x45c1d9 [ 517.803933][T13513] Code: Bad RIP value. [ 517.807982][T13513] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 517.816610][T13513] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 517.824576][T13513] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 517.832537][T13513] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 517.840617][T13513] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 517.848581][T13513] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 517.856560][T13513] Uninit was stored to memory at: [ 517.861592][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 517.867316][T13513] __msan_chain_origin+0x50/0x90 [ 517.872286][T13513] do_recvmmsg+0x105a/0x1ee0 [ 517.876867][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 517.881794][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 517.886642][T13513] do_syscall_64+0xb0/0x150 [ 517.891340][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.897296][T13513] [ 517.899632][T13513] Uninit was stored to memory at: [ 517.904646][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 517.910352][T13513] __msan_chain_origin+0x50/0x90 [ 517.915275][T13513] do_recvmmsg+0x105a/0x1ee0 [ 517.919850][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 517.924774][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 517.929614][T13513] do_syscall_64+0xb0/0x150 [ 517.934106][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.939985][T13513] [ 517.942318][T13513] Uninit was stored to memory at: [ 517.947338][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 517.953064][T13513] __msan_chain_origin+0x50/0x90 [ 517.958014][T13513] do_recvmmsg+0x105a/0x1ee0 [ 517.962599][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 517.967550][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 517.972395][T13513] do_syscall_64+0xb0/0x150 [ 517.976889][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 517.982760][T13513] [ 517.985071][T13513] Uninit was stored to memory at: [ 517.990082][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 517.995899][T13513] __msan_chain_origin+0x50/0x90 [ 518.000827][T13513] do_recvmmsg+0x105a/0x1ee0 [ 518.005406][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 518.010328][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 518.015263][T13513] do_syscall_64+0xb0/0x150 [ 518.019846][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 518.025715][T13513] [ 518.028026][T13513] Uninit was stored to memory at: [ 518.033038][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 518.038742][T13513] __msan_chain_origin+0x50/0x90 [ 518.043665][T13513] do_recvmmsg+0x105a/0x1ee0 [ 518.048239][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 518.053161][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 518.057999][T13513] do_syscall_64+0xb0/0x150 [ 518.062489][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 518.068621][T13513] [ 518.070952][T13513] Uninit was stored to memory at: [ 518.075964][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 518.081674][T13513] __msan_chain_origin+0x50/0x90 [ 518.086596][T13513] do_recvmmsg+0x105a/0x1ee0 [ 518.091173][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 518.096270][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 518.101117][T13513] do_syscall_64+0xb0/0x150 [ 518.105610][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 518.111476][T13513] [ 518.113802][T13513] Uninit was stored to memory at: [ 518.118940][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 518.124657][T13513] __msan_chain_origin+0x50/0x90 [ 518.129589][T13513] do_recvmmsg+0x105a/0x1ee0 [ 518.134176][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 518.139243][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 518.144089][T13513] do_syscall_64+0xb0/0x150 05:27:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 518.148599][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 518.154472][T13513] [ 518.156788][T13513] Local variable ----msg_sys@do_recvmmsg created at: [ 518.163451][T13513] do_recvmmsg+0xc5/0x1ee0 [ 518.167858][T13513] do_recvmmsg+0xc5/0x1ee0 05:27:40 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$perf(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r1, 0x8) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:40 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0xf) connect$inet6(r0, &(0x7f0000000040), 0x1c) sendmmsg(r0, &(0x7f0000004500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002580)=ANY=[@ANYBLOB="48000000000000000c010000ffff000067da00f551d8352ed6ad3db52c08ee7442f2236501b6bb2839353488583d0f7e116099fde48bc929d4b5b11588729bb4a47a9b4750870d00180000000000000019010000310000005e00000000000000500000000000000001"], 0x1a0}}], 0x1, 0x0) [ 518.400501][T13531] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 518.480276][T13531] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 518.978070][T13513] not chained 480000 origins [ 518.982734][T13513] CPU: 0 PID: 13513 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 518.991408][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.001472][T13513] Call Trace: [ 519.004778][T13513] dump_stack+0x1df/0x240 [ 519.009120][T13513] kmsan_internal_chain_origin+0x6f/0x130 [ 519.014849][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.019979][T13513] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 519.025897][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 519.031201][T13513] ? kmsan_get_metadata+0x11d/0x180 [ 519.036428][T13513] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 519.042252][T13513] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 519.048343][T13513] ? kfree+0x61/0x30f0 [ 519.052454][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.057597][T13513] ? kmsan_set_origin_checked+0x95/0xf0 [ 519.063515][T13513] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 519.069601][T13513] ? _copy_from_user+0x15b/0x260 [ 519.074673][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.079800][T13513] __msan_chain_origin+0x50/0x90 [ 519.084756][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.089396][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 519.094707][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 519.099742][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 519.104786][T13513] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 519.110696][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.115925][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.120788][T13513] do_syscall_64+0xb0/0x150 [ 519.125479][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.131387][T13513] RIP: 0033:0x45c1d9 [ 519.135275][T13513] Code: Bad RIP value. [ 519.139337][T13513] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 519.147900][T13513] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 519.155881][T13513] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 519.163944][T13513] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 519.171923][T13513] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 519.179899][T13513] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 519.187884][T13513] Uninit was stored to memory at: [ 519.192925][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.198658][T13513] __msan_chain_origin+0x50/0x90 [ 519.203607][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.208203][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.213214][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.218075][T13513] do_syscall_64+0xb0/0x150 [ 519.222722][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.228610][T13513] [ 519.230936][T13513] Uninit was stored to memory at: [ 519.235971][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.241704][T13513] __msan_chain_origin+0x50/0x90 [ 519.246738][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.251335][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.256283][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.261146][T13513] do_syscall_64+0xb0/0x150 [ 519.265658][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.271545][T13513] [ 519.273873][T13513] Uninit was stored to memory at: [ 519.278911][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.284640][T13513] __msan_chain_origin+0x50/0x90 [ 519.289586][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.294361][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.299309][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.304271][T13513] do_syscall_64+0xb0/0x150 [ 519.308787][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.314676][T13513] [ 519.317003][T13513] Uninit was stored to memory at: [ 519.322037][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.327761][T13513] __msan_chain_origin+0x50/0x90 [ 519.332707][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.338175][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.343122][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.348169][T13513] do_syscall_64+0xb0/0x150 [ 519.354505][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.360400][T13513] [ 519.362728][T13513] Uninit was stored to memory at: [ 519.367760][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.373486][T13513] __msan_chain_origin+0x50/0x90 [ 519.378435][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.383033][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.387995][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.392853][T13513] do_syscall_64+0xb0/0x150 [ 519.397373][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.403269][T13513] [ 519.405599][T13513] Uninit was stored to memory at: [ 519.410637][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.416372][T13513] __msan_chain_origin+0x50/0x90 [ 519.421503][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.426107][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.431070][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.435945][T13513] do_syscall_64+0xb0/0x150 [ 519.440464][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.446368][T13513] [ 519.448696][T13513] Uninit was stored to memory at: [ 519.453737][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 519.459466][T13513] __msan_chain_origin+0x50/0x90 [ 519.464414][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.469073][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.474029][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.479211][T13513] do_syscall_64+0xb0/0x150 [ 519.483727][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.489610][T13513] [ 519.491939][T13513] Local variable ----msg_sys@do_recvmmsg created at: [ 519.498625][T13513] do_recvmmsg+0xc5/0x1ee0 [ 519.503048][T13513] do_recvmmsg+0xc5/0x1ee0 [ 519.805331][T13513] not chained 490000 origins [ 519.810156][T13513] CPU: 0 PID: 13513 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 519.818919][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.828985][T13513] Call Trace: [ 519.832294][T13513] dump_stack+0x1df/0x240 [ 519.836668][T13513] kmsan_internal_chain_origin+0x6f/0x130 [ 519.842399][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.847518][T13513] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 519.853434][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 519.858735][T13513] ? kmsan_get_metadata+0x11d/0x180 [ 519.863961][T13513] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 519.869797][T13513] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 519.875890][T13513] ? kfree+0x61/0x30f0 [ 519.879973][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.885101][T13513] ? kmsan_set_origin_checked+0x95/0xf0 [ 519.890659][T13513] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 519.896795][T13513] ? _copy_from_user+0x15b/0x260 [ 519.901743][T13513] ? kmsan_get_metadata+0x4f/0x180 [ 519.906863][T13513] __msan_chain_origin+0x50/0x90 [ 519.911815][T13513] do_recvmmsg+0x105a/0x1ee0 [ 519.916441][T13513] ? __msan_poison_alloca+0xf0/0x120 [ 519.921775][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 519.926805][T13513] ? __se_sys_recvmmsg+0xac/0x350 [ 519.931838][T13513] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 519.937918][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 519.942874][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 519.948170][T13513] do_syscall_64+0xb0/0x150 [ 519.952687][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.958587][T13513] RIP: 0033:0x45c1d9 [ 519.962656][T13513] Code: Bad RIP value. [ 519.966726][T13513] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 519.975144][T13513] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 519.983123][T13513] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 519.991098][T13513] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 519.999253][T13513] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 520.007233][T13513] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 520.015223][T13513] Uninit was stored to memory at: [ 520.020265][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.026007][T13513] __msan_chain_origin+0x50/0x90 [ 520.030968][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.035572][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.040526][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.045396][T13513] do_syscall_64+0xb0/0x150 [ 520.049929][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.055818][T13513] [ 520.058149][T13513] Uninit was stored to memory at: [ 520.063290][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.069021][T13513] __msan_chain_origin+0x50/0x90 [ 520.074117][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.078718][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.083682][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.088554][T13513] do_syscall_64+0xb0/0x150 [ 520.093410][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.099296][T13513] [ 520.101622][T13513] Uninit was stored to memory at: [ 520.106665][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.112398][T13513] __msan_chain_origin+0x50/0x90 [ 520.117344][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.121941][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.126886][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.131740][T13513] do_syscall_64+0xb0/0x150 [ 520.136249][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.142130][T13513] [ 520.144458][T13513] Uninit was stored to memory at: [ 520.149500][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.155229][T13513] __msan_chain_origin+0x50/0x90 [ 520.160181][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.165349][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.170296][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.175157][T13513] do_syscall_64+0xb0/0x150 [ 520.179670][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.185566][T13513] [ 520.187899][T13513] Uninit was stored to memory at: [ 520.192932][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.198681][T13513] __msan_chain_origin+0x50/0x90 [ 520.203807][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.208409][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.213443][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.218300][T13513] do_syscall_64+0xb0/0x150 [ 520.222809][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.228691][T13513] [ 520.231012][T13513] Uninit was stored to memory at: [ 520.236131][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.241860][T13513] __msan_chain_origin+0x50/0x90 [ 520.246801][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.251404][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.256347][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.261204][T13513] do_syscall_64+0xb0/0x150 [ 520.265715][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.271598][T13513] [ 520.274085][T13513] Uninit was stored to memory at: [ 520.279115][T13513] kmsan_internal_chain_origin+0xad/0x130 [ 520.284840][T13513] __msan_chain_origin+0x50/0x90 [ 520.289798][T13513] do_recvmmsg+0x105a/0x1ee0 [ 520.294397][T13513] __se_sys_recvmmsg+0x1d1/0x350 [ 520.299340][T13513] __x64_sys_recvmmsg+0x62/0x80 [ 520.304226][T13513] do_syscall_64+0xb0/0x150 [ 520.308782][T13513] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 520.314842][T13513] [ 520.317173][T13513] Local variable ----msg_sys@do_recvmmsg created at: [ 520.323864][T13513] do_recvmmsg+0xc5/0x1ee0 [ 520.328379][T13513] do_recvmmsg+0xc5/0x1ee0 05:27:42 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:42 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:42 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001500e2010000000000000000000a7800", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) ioctl$TIOCL_SCROLLCONSOLE(r1, 0x541c, &(0x7f0000000040)={0xd, 0xce2}) 05:27:42 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}, {0x0, [], 0x2}}, &(0x7f0000000340)=""/142, 0x1a, 0x8e, 0x8}, 0x20) 05:27:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 520.643006][T13556] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 520.724965][T13556] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:42 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:43 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) ioctl$SNDCTL_DSP_SETDUPLEX(r1, 0x5016, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r5, @ANYBLOB="15000100fc0200000000002f00008dc7a9000000000000"], 0x2c}}, 0x0) 05:27:43 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:43 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000340)=""/128, 0x1a, 0x80, 0x8}, 0x20) 05:27:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:43 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc42ac3a565d019abadd5a3d871dbb918bcc1518839ca88193da410d75165f0b7b52661c355c44fe7c9b54d75cec5971fba9", 0x43}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 521.058997][T13568] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 05:27:43 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 521.179037][T13575] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 521.234939][T13577] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:43 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet(0x2, 0x6, 0x2) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000224e0000", 0x58}], 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 521.291754][T13582] ptrace attach of "/root/syz-executor.1"[13581] was attempted by "/root/syz-executor.1"[13582] [ 521.320635][T13577] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:43 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:43 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c000000150001ffffff7f00000000000a780000", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m\x00', 0x2, 0x0) fgetxattr(r6, &(0x7f0000000080)=@random={'osx.', '\xfc\\\\)\x00'}, &(0x7f00000002c0)=""/193, 0xc1) 05:27:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:43 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 521.902301][T13605] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:44 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 521.983863][T13610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0xf58, @loopback, 0x80000000}, 0x1c) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:44 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x74, 0x41) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x8108551b, 0x0) 05:27:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:44 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:44 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:44 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x16, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}]}}, &(0x7f0000000340)=""/128, 0x2e, 0x80, 0x8}, 0x20) 05:27:44 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x14, r2, 0x200, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x20010040) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x68, r2, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @rand_addr=' \x01\x00'}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private1={0xfc, 0x1, [], 0x1}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_DOMAIN={0x9, 0x1, '(+(,\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x10}]}, 0x68}, 0x1, 0x0, 0x0, 0x1ff574d2b4a5cca8}, 0x40804) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f00000002c0)={0x1, 0x0, 0x100, 0x6, {0x8001, 0x0, 0x2, 0x1}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$netlink(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="14010000051405"], 0x114}], 0x1}, 0x0) 05:27:45 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:45 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:45 executing program 1: sched_setattr(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000140)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "3abc50afd968c13400"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f00000000c0)=""/19, 0xfffffd28) 05:27:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 05:27:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:45 executing program 4: bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 523.445919][T13655] __nla_validate_parse: 4 callbacks suppressed [ 523.445950][T13655] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:45 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:46 executing program 4: bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:46 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 524.051583][T13669] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 05:27:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:46 executing program 4: bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 524.427884][T13683] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 524.498347][T13686] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:46 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:46 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018"], &(0x7f0000000340)=""/128, 0x2e, 0x80, 0x8}, 0x20) 05:27:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 05:27:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:46 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0xda0]}) [ 524.883899][T13695] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:47 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 524.965877][T13695] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x10, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 05:27:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:47 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:47 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x16, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}]}}, &(0x7f0000000340)=""/128, 0x2e, 0x80, 0x8}, 0x20) 05:27:47 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f00000002c0)) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9eec004688", @ANYRES16=r5, @ANYBLOB="000426bd7000fbdbdf25050000002f00070073797374656d5f753a6f626a6563745f723a7379736c6f67645f696e697472635f657865635f743a73300000080005000a01010108000500ffffffff14000200fe8000000000000000000000000000301400020000000000000000000000ffff0a01010214000200fe88000000000000000000000000010108000500e000000214000300fe80000000000000000000000000000d"], 0xac}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x80, r5, 0x10, 0x70bd28, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:kmsg_device_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'macsec0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1c}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gretap0\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24004014) timerfd_create(0x0, 0x40000) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:47 executing program 5: socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 525.508857][T13723] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:47 executing program 1: r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r0, 0x1, 0x0, 0x0, {{}, {0x0, 0x4102}, {0x18, 0x17, {0x0, 0x0, @l2={'ib', 0xa, 'ipvlan1\x00'}}}}}, 0x34}}, 0x0) [ 525.565249][T13723] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:47 executing program 2: pipe(&(0x7f0000000500)) pipe(&(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) 05:27:47 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(0xffffffffffffffff, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:48 executing program 5: socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:48 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000015000100000000000000000002780000", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:27:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:48 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc", 0x12}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:27:48 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 526.087752][T13749] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 526.127603][T13748] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 526.179695][T13753] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 526.236486][T13760] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 05:27:48 executing program 5: socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r3}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:48 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:48 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYRES16=r4, @ANYRES64=0x0, @ANYBLOB="14000100fc02000000000210ea00009aa808e3aca2c37f016dcf08c8df2600"/45], 0x2c}}, 0x4081) 05:27:48 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, 0x0, 0x0) 05:27:48 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:27:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:49 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, 0x0, 0x0) 05:27:49 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000000500010000000000000000000a780000", @ANYRES32=r4, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:27:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @ipv4}}, 0x0, 0x2, 0x30, 0x0, "000000400000040000000001000200000000000000020000000000000000000089506108ec5d366a0000002300000000000000ff0f00080000002000eaffff000000000000000100"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4), 0x1c) 05:27:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:27:51 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, 0x0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:51 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, 0x0, 0x0) 05:27:51 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r7, @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x100, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$smc(&(0x7f00000009c0)='SMC_PNETID\x00') sendmsg$SMC_PNETID_GET(r9, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r10, 0x721}, 0x14}}, 0x0) sendmsg$SMC_PNETID_ADD(r7, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x60, r10, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ipvlan0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x24000010) ioctl$RNDZAPENTCNT(r8, 0x5204, &(0x7f0000000080)=0x401) 05:27:51 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc42ac3a565d019abadd5a3d871dbb918bcc1518839ca88193da410d75165f0b7b52661c355c44fe7c9b54d75cec5971fba94f4d35647a79", 0x49}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 529.447722][T13824] __nla_validate_parse: 4 callbacks suppressed [ 529.447753][T13824] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 529.544222][T13828] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:51 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:51 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 529.886741][T13838] not chained 500000 origins [ 529.891399][T13838] CPU: 0 PID: 13838 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 529.900076][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 529.910138][T13838] Call Trace: [ 529.913450][T13838] dump_stack+0x1df/0x240 [ 529.917816][T13838] kmsan_internal_chain_origin+0x6f/0x130 [ 529.923559][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 529.928687][T13838] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 529.934598][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 529.939918][T13838] ? kmsan_get_metadata+0x11d/0x180 [ 529.945152][T13838] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 529.950962][T13838] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 529.957019][T13838] ? kfree+0x61/0x30f0 [ 529.961862][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 529.966965][T13838] ? kmsan_set_origin_checked+0x95/0xf0 [ 529.972687][T13838] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 529.979002][T13838] ? _copy_from_user+0x15b/0x260 [ 529.983927][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 529.989378][T13838] __msan_chain_origin+0x50/0x90 [ 529.994311][T13838] do_recvmmsg+0x105a/0x1ee0 [ 529.998932][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 530.004299][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 530.009339][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 530.014446][T13838] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 530.020622][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.025682][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.031052][T13838] do_syscall_64+0xb0/0x150 [ 530.035734][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.041708][T13838] RIP: 0033:0x45c1d9 [ 530.046284][T13838] Code: Bad RIP value. [ 530.050345][T13838] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 530.058882][T13838] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 530.066864][T13838] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 530.074843][T13838] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 530.082824][T13838] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 530.090798][T13838] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 530.098893][T13838] Uninit was stored to memory at: [ 530.103929][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.109668][T13838] __msan_chain_origin+0x50/0x90 [ 530.114596][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.119262][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.124189][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.129407][T13838] do_syscall_64+0xb0/0x150 [ 530.133911][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.139789][T13838] [ 530.142109][T13838] Uninit was stored to memory at: [ 530.147136][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.152847][T13838] __msan_chain_origin+0x50/0x90 [ 530.157799][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.162402][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.167331][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.172170][T13838] do_syscall_64+0xb0/0x150 [ 530.176660][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.182530][T13838] [ 530.184843][T13838] Uninit was stored to memory at: [ 530.189853][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.195558][T13838] __msan_chain_origin+0x50/0x90 [ 530.200480][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.205057][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.209995][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.215368][T13838] do_syscall_64+0xb0/0x150 [ 530.219861][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.225730][T13838] [ 530.228043][T13838] Uninit was stored to memory at: [ 530.233142][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.239183][T13838] __msan_chain_origin+0x50/0x90 [ 530.244283][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.248858][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.253800][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.258654][T13838] do_syscall_64+0xb0/0x150 [ 530.263144][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.269487][T13838] [ 530.271799][T13838] Uninit was stored to memory at: [ 530.276816][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.282780][T13838] __msan_chain_origin+0x50/0x90 [ 530.287776][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.292709][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.297635][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.302491][T13838] do_syscall_64+0xb0/0x150 [ 530.306980][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.312848][T13838] [ 530.315162][T13838] Uninit was stored to memory at: [ 530.320173][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.325882][T13838] __msan_chain_origin+0x50/0x90 [ 530.330816][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.335390][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.340315][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.345170][T13838] do_syscall_64+0xb0/0x150 [ 530.349660][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.356050][T13838] [ 530.358366][T13838] Uninit was stored to memory at: [ 530.363375][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 530.369092][T13838] __msan_chain_origin+0x50/0x90 [ 530.374032][T13838] do_recvmmsg+0x105a/0x1ee0 [ 530.378615][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 530.383542][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 530.388383][T13838] do_syscall_64+0xb0/0x150 [ 530.392879][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.398749][T13838] [ 530.401061][T13838] Local variable ----msg_sys@do_recvmmsg created at: [ 530.407727][T13838] do_recvmmsg+0xc5/0x1ee0 [ 530.412132][T13838] do_recvmmsg+0xc5/0x1ee0 [ 530.487863][T13843] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:52 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$smc(&(0x7f00000009c0)='SMC_PNETID\x00') sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000480)=ANY=[@ANYBLOB="7800a838", @ANYRES16=r6, @ANYBLOB="210700000000fbdbdf2501000000140002007767320000000000000000000000000014000200776730000000000000000000000000000900030073797a30000000000900010073797a32000000000900010073797a30000000000900010073797a31000000000900030073797a3200000000"], 0xfdc7}}, 0x0) sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="1f00003fa6c36b319300", @ANYRES16=r6, @ANYBLOB="000127bd7000fcdbdf2504000000140002006e6574706369300000000000000000000900010073797a32000000001400020076657468305f6d616376746170000000"], 0x48}, 0x1, 0x0, 0x0, 0xc810}, 0x4009840) r7 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$VIDIOC_S_FBUF(r7, 0x4030560b, &(0x7f0000000240)={0xd, 0x0, &(0x7f0000000180)="371cf2685b041fd17fb085aa1e1af763e0f557d0c9296abe85958d534b7f9a30d06ad3563ffff3da355fc7a3ed7c42a9368bd61a906544d86868df8e770f8e4fce718e7a2f85dfccc987e8e883c09624285ad8dcb150daec6c1ddb25da7269d90553d868", {0x9, 0x49, 0x3231564e, 0x8, 0x9, 0xff, 0x8, 0x7}}) ioctl$TUNSETNOCSUM(r7, 0x400454c8, 0x0) r8 = dup(r3) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r9, @ANYBLOB="1400014b07e5b605b59306da469f00000000000013c229de0bb6263e37c97898ae9e192d22842241d09c071dd8aa1ab96ed49709bd8eaedd6d05f2e76e54c78d7ada1368d1e8a2599f3dc75704ea3d490421dd173a18e6b8420268cae74274400000008f1e9302c0cb1c65546635ebd4645ed2f0e4bed8df312094248c185178e36381b2e354a4d1e4a27a5509830d3dd803faffd8ca0000000000000000000000000000003270d369a7375974317db0d72c1e24d03a931e3e4ff69ccf4fd707f13c6fe89692f8fb10bdae9089fae736f94b988377788b820f7dc919a57e8c417e7579ab14a97a2d6954a4ab11ed950d232a8aa26ee3f4feda0a2096d0b8e6c696e6e7b327d54d885a879975ebbeada8451f16ff7c981979ba4ba657bb5631ae3e1417ed83783e7421698e3096f17cd6a3ed5061244203df947aad19b5e32ff27701dfc6e11dee9e504484949a563e605c5e17594560a12cf879531fef31f1bf9b463415d6eb0b76d43609b8aa70f4286067ac5d9274d7d69a"], 0x2c}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x270c}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000000580)={0x0, 0x2a1}, 0x8) [ 530.558579][T13845] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 530.840586][T13852] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r4, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r4) [ 530.915417][T13854] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 531.136495][T13838] not chained 510000 origins [ 531.141159][T13838] CPU: 1 PID: 13838 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 531.149833][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.160106][T13838] Call Trace: [ 531.163505][T13838] dump_stack+0x1df/0x240 [ 531.167854][T13838] kmsan_internal_chain_origin+0x6f/0x130 [ 531.173590][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 531.178717][T13838] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 531.184621][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 531.189902][T13838] ? kmsan_get_metadata+0x11d/0x180 [ 531.195176][T13838] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 531.200969][T13838] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 531.207111][T13838] ? kfree+0x61/0x30f0 [ 531.211171][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 531.216360][T13838] ? kmsan_set_origin_checked+0x95/0xf0 [ 531.221983][T13838] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 531.228043][T13838] ? _copy_from_user+0x15b/0x260 [ 531.232967][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 531.238064][T13838] __msan_chain_origin+0x50/0x90 [ 531.242994][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.247599][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 531.252874][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 531.257884][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 531.262897][T13838] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 531.268778][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.273804][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.278664][T13838] do_syscall_64+0xb0/0x150 [ 531.283157][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.289039][T13838] RIP: 0033:0x45c1d9 [ 531.292912][T13838] Code: Bad RIP value. [ 531.296959][T13838] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 531.305444][T13838] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 531.313494][T13838] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 531.321454][T13838] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 531.329671][T13838] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 531.337628][T13838] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 531.345621][T13838] Uninit was stored to memory at: [ 531.350634][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.356360][T13838] __msan_chain_origin+0x50/0x90 [ 531.361295][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.368128][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.373051][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.377890][T13838] do_syscall_64+0xb0/0x150 [ 531.382379][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.388245][T13838] [ 531.390554][T13838] Uninit was stored to memory at: [ 531.395568][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.401275][T13838] __msan_chain_origin+0x50/0x90 [ 531.406302][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.410878][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.415800][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.420635][T13838] do_syscall_64+0xb0/0x150 [ 531.425386][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.431254][T13838] [ 531.433560][T13838] Uninit was stored to memory at: [ 531.438566][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.444377][T13838] __msan_chain_origin+0x50/0x90 [ 531.449362][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.453955][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.458903][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.463745][T13838] do_syscall_64+0xb0/0x150 [ 531.468326][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.474294][T13838] [ 531.476622][T13838] Uninit was stored to memory at: [ 531.481652][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.487455][T13838] __msan_chain_origin+0x50/0x90 [ 531.492393][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.497684][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.502617][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.507462][T13838] do_syscall_64+0xb0/0x150 [ 531.512115][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.518331][T13838] [ 531.520639][T13838] Uninit was stored to memory at: [ 531.525648][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.533953][T13838] __msan_chain_origin+0x50/0x90 [ 531.539917][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.544510][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.549530][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.554366][T13838] do_syscall_64+0xb0/0x150 [ 531.559572][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.565489][T13838] [ 531.567825][T13838] Uninit was stored to memory at: [ 531.572849][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.578577][T13838] __msan_chain_origin+0x50/0x90 [ 531.583504][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.588081][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.593002][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.597839][T13838] do_syscall_64+0xb0/0x150 [ 531.602328][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.608194][T13838] [ 531.610502][T13838] Uninit was stored to memory at: [ 531.615522][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 531.621223][T13838] __msan_chain_origin+0x50/0x90 [ 531.626146][T13838] do_recvmmsg+0x105a/0x1ee0 [ 531.630722][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 531.635645][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 531.640480][T13838] do_syscall_64+0xb0/0x150 [ 531.644968][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 531.650835][T13838] [ 531.653144][T13838] Local variable ----msg_sys@do_recvmmsg created at: [ 531.659805][T13838] do_recvmmsg+0xc5/0x1ee0 [ 531.664205][T13838] do_recvmmsg+0xc5/0x1ee0 05:27:54 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:27:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 532.713690][T13863] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.749335][T13863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:55 executing program 1: openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x123002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xedc0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, 0x0, 0x0) 05:27:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:55 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 533.151652][T13875] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 533.248993][T13875] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:55 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 533.957415][T13838] not chained 520000 origins [ 533.962054][T13838] CPU: 0 PID: 13838 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 533.970912][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.981060][T13838] Call Trace: [ 533.984368][T13838] dump_stack+0x1df/0x240 [ 533.988704][T13838] kmsan_internal_chain_origin+0x6f/0x130 [ 533.994428][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 533.999540][T13838] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 534.005439][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 534.010734][T13838] ? kmsan_get_metadata+0x11d/0x180 [ 534.015935][T13838] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 534.021748][T13838] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 534.027834][T13838] ? kfree+0x61/0x30f0 [ 534.031924][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 534.037042][T13838] ? kmsan_set_origin_checked+0x95/0xf0 [ 534.042598][T13838] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 534.048679][T13838] ? _copy_from_user+0x15b/0x260 [ 534.053625][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 534.058926][T13838] __msan_chain_origin+0x50/0x90 [ 534.063885][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.068513][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 534.073818][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 534.078864][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 534.083986][T13838] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 534.089896][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.094858][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.099714][T13838] do_syscall_64+0xb0/0x150 [ 534.104226][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.110123][T13838] RIP: 0033:0x45c1d9 [ 534.114006][T13838] Code: Bad RIP value. [ 534.118260][T13838] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 534.126672][T13838] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 534.134650][T13838] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 534.142624][T13838] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 534.150596][T13838] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 534.158573][T13838] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 534.166557][T13838] Uninit was stored to memory at: [ 534.171593][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.177326][T13838] __msan_chain_origin+0x50/0x90 [ 534.182275][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.186880][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.191822][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.196693][T13838] do_syscall_64+0xb0/0x150 [ 534.201206][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.207091][T13838] [ 534.209411][T13838] Uninit was stored to memory at: [ 534.214442][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.220168][T13838] __msan_chain_origin+0x50/0x90 [ 534.225111][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.229711][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.234647][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.239498][T13838] do_syscall_64+0xb0/0x150 [ 534.244002][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.249879][T13838] [ 534.252206][T13838] Uninit was stored to memory at: [ 534.257247][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.263080][T13838] __msan_chain_origin+0x50/0x90 [ 534.268715][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.273313][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.278348][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.283734][T13838] do_syscall_64+0xb0/0x150 [ 534.288250][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.294134][T13838] [ 534.296456][T13838] Uninit was stored to memory at: [ 534.301491][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.307390][T13838] __msan_chain_origin+0x50/0x90 [ 534.312342][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.316939][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.321881][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.326728][T13838] do_syscall_64+0xb0/0x150 [ 534.331237][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.337117][T13838] [ 534.339440][T13838] Uninit was stored to memory at: [ 534.344475][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.350199][T13838] __msan_chain_origin+0x50/0x90 [ 534.355141][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.359736][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.364676][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.369533][T13838] do_syscall_64+0xb0/0x150 [ 534.374044][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.379931][T13838] [ 534.382261][T13838] Uninit was stored to memory at: [ 534.387292][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.393014][T13838] __msan_chain_origin+0x50/0x90 [ 534.397967][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.402556][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.407491][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.412347][T13838] do_syscall_64+0xb0/0x150 [ 534.416854][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.422735][T13838] [ 534.425056][T13838] Uninit was stored to memory at: [ 534.430086][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.435810][T13838] __msan_chain_origin+0x50/0x90 [ 534.440750][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.445339][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.450279][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.455129][T13838] do_syscall_64+0xb0/0x150 [ 534.459659][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.466218][T13838] [ 534.468541][T13838] Local variable ----msg_sys@do_recvmmsg created at: [ 534.475222][T13838] do_recvmmsg+0xc5/0x1ee0 [ 534.479771][T13838] do_recvmmsg+0xc5/0x1ee0 [ 534.702756][T13838] not chained 530000 origins [ 534.707391][T13838] CPU: 1 PID: 13838 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 534.716054][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.726371][T13838] Call Trace: [ 534.729668][T13838] dump_stack+0x1df/0x240 [ 534.734010][T13838] kmsan_internal_chain_origin+0x6f/0x130 [ 534.739724][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 534.744842][T13838] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 534.750747][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 534.756042][T13838] ? kmsan_get_metadata+0x11d/0x180 [ 534.761241][T13838] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 534.767069][T13838] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 534.773142][T13838] ? kfree+0x61/0x30f0 [ 534.777219][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 534.782337][T13838] ? kmsan_set_origin_checked+0x95/0xf0 [ 534.788060][T13838] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 534.794127][T13838] ? _copy_from_user+0x15b/0x260 [ 534.799064][T13838] ? kmsan_get_metadata+0x4f/0x180 [ 534.804172][T13838] __msan_chain_origin+0x50/0x90 [ 534.809112][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.813733][T13838] ? __msan_poison_alloca+0xf0/0x120 [ 534.819016][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 534.824045][T13838] ? __se_sys_recvmmsg+0xac/0x350 [ 534.829086][T13838] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 534.834991][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.840028][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.844892][T13838] do_syscall_64+0xb0/0x150 [ 534.849403][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.855287][T13838] RIP: 0033:0x45c1d9 [ 534.859163][T13838] Code: Bad RIP value. [ 534.863237][T13838] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 534.872080][T13838] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 534.880047][T13838] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 534.888012][T13838] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 534.895982][T13838] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 534.903964][T13838] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 534.912160][T13838] Uninit was stored to memory at: [ 534.918054][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.923776][T13838] __msan_chain_origin+0x50/0x90 [ 534.928904][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.934194][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.939129][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.943985][T13838] do_syscall_64+0xb0/0x150 [ 534.948843][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.954736][T13838] [ 534.957137][T13838] Uninit was stored to memory at: [ 534.962162][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 534.968053][T13838] __msan_chain_origin+0x50/0x90 [ 534.972986][T13838] do_recvmmsg+0x105a/0x1ee0 [ 534.978092][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 534.983209][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 534.988088][T13838] do_syscall_64+0xb0/0x150 [ 534.992591][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 534.998469][T13838] [ 535.000791][T13838] Uninit was stored to memory at: [ 535.005821][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 535.011632][T13838] __msan_chain_origin+0x50/0x90 [ 535.016568][T13838] do_recvmmsg+0x105a/0x1ee0 [ 535.021174][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 535.026112][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 535.031074][T13838] do_syscall_64+0xb0/0x150 [ 535.035669][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.041545][T13838] [ 535.044022][T13838] Uninit was stored to memory at: [ 535.049078][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 535.054891][T13838] __msan_chain_origin+0x50/0x90 [ 535.059835][T13838] do_recvmmsg+0x105a/0x1ee0 [ 535.064609][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 535.069559][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 535.074418][T13838] do_syscall_64+0xb0/0x150 [ 535.078969][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.084859][T13838] [ 535.087183][T13838] Uninit was stored to memory at: [ 535.092211][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 535.098014][T13838] __msan_chain_origin+0x50/0x90 [ 535.102952][T13838] do_recvmmsg+0x105a/0x1ee0 [ 535.107660][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 535.112601][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 535.117459][T13838] do_syscall_64+0xb0/0x150 [ 535.122053][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.127965][T13838] [ 535.130291][T13838] Uninit was stored to memory at: [ 535.135321][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 535.141038][T13838] __msan_chain_origin+0x50/0x90 [ 535.145979][T13838] do_recvmmsg+0x105a/0x1ee0 [ 535.150579][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 535.155518][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 535.160371][T13838] do_syscall_64+0xb0/0x150 [ 535.164872][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.170800][T13838] [ 535.173116][T13838] Uninit was stored to memory at: [ 535.178140][T13838] kmsan_internal_chain_origin+0xad/0x130 [ 535.184291][T13838] __msan_chain_origin+0x50/0x90 [ 535.189230][T13838] do_recvmmsg+0x105a/0x1ee0 [ 535.193819][T13838] __se_sys_recvmmsg+0x1d1/0x350 [ 535.198843][T13838] __x64_sys_recvmmsg+0x62/0x80 [ 535.203692][T13838] do_syscall_64+0xb0/0x150 [ 535.208192][T13838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 535.214069][T13838] [ 535.216386][T13838] Local variable ----msg_sys@do_recvmmsg created at: [ 535.223054][T13838] do_recvmmsg+0xc5/0x1ee0 [ 535.227465][T13838] do_recvmmsg+0xc5/0x1ee0 05:27:57 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:27:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:57 executing program 1: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000340)=""/128, 0x1a, 0x80, 0x8}, 0x20) 05:27:57 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xe040, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f0000000080)) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r7, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r7) r8 = socket$netlink(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x58, r9, 0xb03, 0x0, 0x0, {0x13}, [@TIPC_NLA_MON={0x2c}, @TIPC_NLA_NODE={0xe, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8}]}]}, 0x58}}, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(r7, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x144, r9, 0x610, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xaddb}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2e5c697c}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x81}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}, @TIPC_NLA_NODE={0x90, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x8b, 0x3, "8015326533851121b5715d33507464cb58ef5000949e2cab06bd69b1d0d48cce26083518cff30bf3cbc4def7e96f4bd1f6a91eeac4f3f0db7a4c206e02a34381c9f47395d30238abf95b1e9355945ad724b8850db02ddb642b251016adbe6240221c023e26ed6445894bf05010d6575af4f863389f17aa03c1d1ce17ed5cb4918bcb3af8349118"}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x144}, 0x1, 0x0, 0x0, 0x4044884}, 0xc081) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000001520000000000000000000000a780000", @ANYRES32=r6, @ANYBLOB="14000100fc02004000"/20], 0x2c}}, 0x0) 05:27:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x619]}) [ 535.509483][T13890] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 535.551839][T13892] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 535.562027][T13892] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 535.577444][T13890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 535.736747][T13895] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 535.746407][T13895] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 05:27:58 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:27:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:27:58 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) 05:27:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:27:58 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r5, @ANYBLOB="14000100fc0200000000000000000000000000006842d976a20ee47fdff152f97718ccfc6b2415392a84e52de6dc2fb116cfbaacfc65a992a69975c263edcdd5932747cca4b342b586960f5d8e2020d4b15f4de42141e773b9dfd9f320967e877bf754f4f960e0026178624d806753eb89ac08defce0110c93b41be63dee9ecd89b05da19bb9faa0d7fa4536db5415de692a36f7c093fb0277ea1a8934684be451c7de555a3b9d8be4d084"], 0x2c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x68, r7, 0x1, 0x0, 0x0, {{}, {}, {0x3, 0x18, {0x0, @media='eth\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r7, 0x400, 0x70bd26, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8050}, 0x84) [ 536.193942][T13918] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:27:58 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) [ 536.338899][T13893] not chained 540000 origins [ 536.343542][T13893] CPU: 0 PID: 13893 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 536.352219][T13893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.362279][T13893] Call Trace: [ 536.365625][T13893] dump_stack+0x1df/0x240 [ 536.369979][T13893] kmsan_internal_chain_origin+0x6f/0x130 [ 536.375709][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 536.380828][T13893] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 536.386729][T13893] ? __msan_poison_alloca+0xf0/0x120 [ 536.392030][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 536.397277][T13893] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 536.403822][T13893] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 536.409874][T13893] ? kfree+0x61/0x30f0 [ 536.413931][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 536.419025][T13893] ? kmsan_set_origin_checked+0x95/0xf0 [ 536.424556][T13893] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 536.430628][T13893] ? _copy_from_user+0x15b/0x260 [ 536.435554][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 536.440654][T13893] __msan_chain_origin+0x50/0x90 [ 536.445583][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.450182][T13893] ? __msan_poison_alloca+0xf0/0x120 [ 536.455465][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 536.460477][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 536.465510][T13893] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 536.471393][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.476322][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.481161][T13893] do_syscall_64+0xb0/0x150 [ 536.485668][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.491542][T13893] RIP: 0033:0x45c1d9 [ 536.495415][T13893] Code: Bad RIP value. [ 536.499461][T13893] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 536.507945][T13893] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 536.515930][T13893] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 536.524211][T13893] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 536.532175][T13893] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 536.540130][T13893] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 536.548095][T13893] Uninit was stored to memory at: [ 536.553106][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.558811][T13893] __msan_chain_origin+0x50/0x90 [ 536.563732][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.568308][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.573230][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.578074][T13893] do_syscall_64+0xb0/0x150 [ 536.582565][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.588518][T13893] [ 536.590825][T13893] Uninit was stored to memory at: [ 536.595876][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.601577][T13893] __msan_chain_origin+0x50/0x90 [ 536.606497][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.611071][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.615997][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.620831][T13893] do_syscall_64+0xb0/0x150 [ 536.625317][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.631192][T13893] [ 536.633504][T13893] Uninit was stored to memory at: [ 536.638510][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.644298][T13893] __msan_chain_origin+0x50/0x90 [ 536.649227][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.653804][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.658729][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.663594][T13893] do_syscall_64+0xb0/0x150 [ 536.668081][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.674063][T13893] [ 536.676378][T13893] Uninit was stored to memory at: [ 536.681398][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.687107][T13893] __msan_chain_origin+0x50/0x90 [ 536.692039][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.696609][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.701530][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.706376][T13893] do_syscall_64+0xb0/0x150 [ 536.710876][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.716740][T13893] [ 536.719044][T13893] Uninit was stored to memory at: [ 536.724053][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.729790][T13893] __msan_chain_origin+0x50/0x90 [ 536.734735][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.739314][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.744237][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.749071][T13893] do_syscall_64+0xb0/0x150 [ 536.753561][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.759429][T13893] [ 536.761738][T13893] Uninit was stored to memory at: [ 536.766832][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.772534][T13893] __msan_chain_origin+0x50/0x90 [ 536.777453][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.782026][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.786946][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.791810][T13893] do_syscall_64+0xb0/0x150 [ 536.796297][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.802167][T13893] [ 536.804511][T13893] Uninit was stored to memory at: [ 536.809519][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 536.815235][T13893] __msan_chain_origin+0x50/0x90 [ 536.820248][T13893] do_recvmmsg+0x105a/0x1ee0 [ 536.824824][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 536.829744][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 536.834590][T13893] do_syscall_64+0xb0/0x150 [ 536.839078][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 536.844945][T13893] [ 536.847251][T13893] Local variable ----msg_sys@do_recvmmsg created at: [ 536.853912][T13893] do_recvmmsg+0xc5/0x1ee0 [ 536.858315][T13893] do_recvmmsg+0xc5/0x1ee0 [ 536.924336][T13932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 537.892740][T13893] not chained 550000 origins [ 537.897386][T13893] CPU: 0 PID: 13893 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 537.906055][T13893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.916721][T13893] Call Trace: [ 537.920024][T13893] dump_stack+0x1df/0x240 [ 537.924366][T13893] kmsan_internal_chain_origin+0x6f/0x130 [ 537.930092][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 537.935300][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 537.940508][T13893] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 537.946329][T13893] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 537.952519][T13893] ? __perf_event_task_sched_in+0xa15/0xa80 [ 537.958431][T13893] ? kmsan_set_origin_checked+0x95/0xf0 [ 537.963997][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 537.969313][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 537.974530][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 537.979652][T13893] ? kmsan_set_origin_checked+0x95/0xf0 [ 537.985212][T13893] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 537.991292][T13893] ? _copy_from_user+0x15b/0x260 [ 537.996241][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 538.001448][T13893] __msan_chain_origin+0x50/0x90 [ 538.006398][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.011031][T13893] ? __msan_poison_alloca+0xf0/0x120 [ 538.016332][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 538.021364][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 538.026480][T13893] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 538.032382][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.037334][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.042192][T13893] do_syscall_64+0xb0/0x150 [ 538.046709][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.052648][T13893] RIP: 0033:0x45c1d9 [ 538.056636][T13893] Code: Bad RIP value. [ 538.060708][T13893] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 538.069322][T13893] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 538.077389][T13893] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 538.085368][T13893] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 538.093377][T13893] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 538.101404][T13893] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 538.109573][T13893] Uninit was stored to memory at: [ 538.114612][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.120349][T13893] __msan_chain_origin+0x50/0x90 [ 538.125296][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.129891][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.134832][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.139681][T13893] do_syscall_64+0xb0/0x150 [ 538.144189][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.152675][T13893] [ 538.154992][T13893] Uninit was stored to memory at: [ 538.160018][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.165751][T13893] __msan_chain_origin+0x50/0x90 [ 538.170801][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.175404][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.180350][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.185216][T13893] do_syscall_64+0xb0/0x150 [ 538.189734][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.195636][T13893] [ 538.197960][T13893] Uninit was stored to memory at: [ 538.202993][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.208718][T13893] __msan_chain_origin+0x50/0x90 [ 538.213664][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.218258][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.223207][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.228061][T13893] do_syscall_64+0xb0/0x150 [ 538.232603][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.238573][T13893] [ 538.240894][T13893] Uninit was stored to memory at: [ 538.245925][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.251648][T13893] __msan_chain_origin+0x50/0x90 [ 538.256594][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.261186][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.266126][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.270983][T13893] do_syscall_64+0xb0/0x150 [ 538.275496][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.281498][T13893] [ 538.283822][T13893] Uninit was stored to memory at: [ 538.288857][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.294584][T13893] __msan_chain_origin+0x50/0x90 [ 538.299542][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.304139][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.309081][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.313939][T13893] do_syscall_64+0xb0/0x150 [ 538.318446][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.324330][T13893] [ 538.326654][T13893] Uninit was stored to memory at: [ 538.331685][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.337408][T13893] __msan_chain_origin+0x50/0x90 [ 538.342353][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.346951][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.351895][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.356748][T13893] do_syscall_64+0xb0/0x150 [ 538.361255][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.367134][T13893] [ 538.369455][T13893] Uninit was stored to memory at: [ 538.374485][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 538.380213][T13893] __msan_chain_origin+0x50/0x90 [ 538.385152][T13893] do_recvmmsg+0x105a/0x1ee0 [ 538.389749][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 538.394706][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 538.399559][T13893] do_syscall_64+0xb0/0x150 [ 538.404077][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 538.409958][T13893] [ 538.412288][T13893] Local variable ----msg_sys@do_recvmmsg created at: [ 538.418968][T13893] do_recvmmsg+0xc5/0x1ee0 [ 538.423397][T13893] do_recvmmsg+0xc5/0x1ee0 [ 539.001082][T13893] not chained 560000 origins [ 539.005711][T13893] CPU: 1 PID: 13893 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 539.014377][T13893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.024429][T13893] Call Trace: [ 539.027723][T13893] dump_stack+0x1df/0x240 [ 539.032061][T13893] kmsan_internal_chain_origin+0x6f/0x130 [ 539.037877][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 539.043182][T13893] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 539.049077][T13893] ? __msan_poison_alloca+0xf0/0x120 [ 539.054372][T13893] ? kmsan_get_metadata+0x11d/0x180 [ 539.059583][T13893] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 539.065385][T13893] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 539.071450][T13893] ? kfree+0x61/0x30f0 [ 539.075549][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 539.080659][T13893] ? kmsan_set_origin_checked+0x95/0xf0 [ 539.086202][T13893] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 539.092272][T13893] ? _copy_from_user+0x15b/0x260 [ 539.097230][T13893] ? kmsan_get_metadata+0x4f/0x180 [ 539.102351][T13893] __msan_chain_origin+0x50/0x90 [ 539.107302][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.112032][T13893] ? __msan_poison_alloca+0xf0/0x120 [ 539.117326][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 539.122347][T13893] ? __se_sys_recvmmsg+0xac/0x350 [ 539.127382][T13893] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 539.133369][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.140335][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.145238][T13893] do_syscall_64+0xb0/0x150 [ 539.149777][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.155679][T13893] RIP: 0033:0x45c1d9 [ 539.159649][T13893] Code: Bad RIP value. [ 539.163715][T13893] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 539.172309][T13893] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 539.180279][T13893] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 539.188298][T13893] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 539.196901][T13893] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 539.205052][T13893] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 539.213038][T13893] Uninit was stored to memory at: [ 539.218070][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.223785][T13893] __msan_chain_origin+0x50/0x90 [ 539.228721][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.233315][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.238507][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.243357][T13893] do_syscall_64+0xb0/0x150 [ 539.250638][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.257220][T13893] [ 539.259542][T13893] Uninit was stored to memory at: [ 539.264576][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.270385][T13893] __msan_chain_origin+0x50/0x90 [ 539.275409][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.279994][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.284936][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.289800][T13893] do_syscall_64+0xb0/0x150 [ 539.294304][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.300179][T13893] [ 539.302495][T13893] Uninit was stored to memory at: [ 539.307564][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.313280][T13893] __msan_chain_origin+0x50/0x90 [ 539.318223][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.322816][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.327749][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.332599][T13893] do_syscall_64+0xb0/0x150 [ 539.337135][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.343010][T13893] [ 539.345329][T13893] Uninit was stored to memory at: [ 539.350350][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.357818][T13893] __msan_chain_origin+0x50/0x90 [ 539.362938][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.368313][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.373249][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.378101][T13893] do_syscall_64+0xb0/0x150 [ 539.382605][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.388657][T13893] [ 539.390992][T13893] Uninit was stored to memory at: [ 539.396053][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.402390][T13893] __msan_chain_origin+0x50/0x90 [ 539.407334][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.411924][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.416865][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.421725][T13893] do_syscall_64+0xb0/0x150 [ 539.426236][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.432117][T13893] [ 539.434436][T13893] Uninit was stored to memory at: [ 539.439460][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.445180][T13893] __msan_chain_origin+0x50/0x90 [ 539.450226][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.454940][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.460031][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.464905][T13893] do_syscall_64+0xb0/0x150 [ 539.469418][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.475304][T13893] [ 539.477629][T13893] Uninit was stored to memory at: [ 539.482658][T13893] kmsan_internal_chain_origin+0xad/0x130 [ 539.488475][T13893] __msan_chain_origin+0x50/0x90 [ 539.493527][T13893] do_recvmmsg+0x105a/0x1ee0 [ 539.498119][T13893] __se_sys_recvmmsg+0x1d1/0x350 [ 539.503060][T13893] __x64_sys_recvmmsg+0x62/0x80 [ 539.507909][T13893] do_syscall_64+0xb0/0x150 [ 539.512411][T13893] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 539.518288][T13893] [ 539.520610][T13893] Local variable ----msg_sys@do_recvmmsg created at: [ 539.527300][T13893] do_recvmmsg+0xc5/0x1ee0 [ 539.531724][T13893] do_recvmmsg+0xc5/0x1ee0 05:28:01 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:01 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:01 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, 0x0}, 0x0) 05:28:01 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) [ 539.855906][T13957] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 539.990140][T13966] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:02 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, 0x0}, 0x0) 05:28:02 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) r7 = socket$inet_udp(0x2, 0x2, 0x0) open_by_handle_at(r3, &(0x7f0000000380)={0x61, 0x1, "809ea67ab078c0087e831b6cbe714bf751449064082e29db6d64c5b40c3074de3e2af157e706b7b5681b2d595a5cd96d4fd95f819ca617310d2f7d9de8c1d601e9883ec6778bd017cd2742463b7c280c3cd686d29a21f1590b"}, 0x51f081) close(r7) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$binfmt_script(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="2321202e2fed7ec7a72d5da57a6c60b8fdabb44766696c6530207b219e002a610e7b13c35356610628adde16e282d9fe7286f98ddcd9a99c050000004b881328035630c2ba71a737e818504b5a54130000000014eee5e3f1fe34866be20592dce8dfd0e9e2fafaf7b64c0e1c04af00f81da3948bbaf1ee331dbdeeffc8cce963745499f24db6f5cffa66202129d9202f6400762f6273670020"], 0x99) close(r4) openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000016000002540f5e8179fc18236929bd70"], 0x14}}, 0x81) [ 540.308326][T13961] not chained 570000 origins [ 540.312971][T13961] CPU: 0 PID: 13961 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 540.321642][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.331788][T13961] Call Trace: [ 540.335097][T13961] dump_stack+0x1df/0x240 [ 540.339459][T13961] kmsan_internal_chain_origin+0x6f/0x130 [ 540.345193][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 540.350316][T13961] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 540.356220][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 540.361522][T13961] ? kmsan_get_metadata+0x11d/0x180 [ 540.366711][T13961] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 540.372505][T13961] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 540.378556][T13961] ? kfree+0x61/0x30f0 [ 540.382613][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 540.387711][T13961] ? kmsan_set_origin_checked+0x95/0xf0 [ 540.393249][T13961] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 540.399317][T13961] ? _copy_from_user+0x15b/0x260 [ 540.404239][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 540.409340][T13961] __msan_chain_origin+0x50/0x90 [ 540.414268][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.418871][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 540.424146][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 540.429155][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 540.434168][T13961] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 540.440050][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.444984][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.449821][T13961] do_syscall_64+0xb0/0x150 [ 540.454318][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.460191][T13961] RIP: 0033:0x45c1d9 [ 540.464078][T13961] Code: Bad RIP value. [ 540.468125][T13961] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 540.476519][T13961] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 540.484487][T13961] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 540.492454][T13961] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 540.500417][T13961] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 540.508377][T13961] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 540.516356][T13961] Uninit was stored to memory at: [ 540.521371][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.527072][T13961] __msan_chain_origin+0x50/0x90 [ 540.531995][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.536567][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.541487][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.546327][T13961] do_syscall_64+0xb0/0x150 [ 540.550818][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.556691][T13961] [ 540.558999][T13961] Uninit was stored to memory at: [ 540.564005][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.569707][T13961] __msan_chain_origin+0x50/0x90 [ 540.574628][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.579198][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.584119][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.588969][T13961] do_syscall_64+0xb0/0x150 [ 540.593467][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.599339][T13961] [ 540.601656][T13961] Uninit was stored to memory at: [ 540.606674][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.612383][T13961] __msan_chain_origin+0x50/0x90 [ 540.617308][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.621882][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.626804][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.631663][T13961] do_syscall_64+0xb0/0x150 [ 540.636148][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.642016][T13961] [ 540.644333][T13961] Uninit was stored to memory at: [ 540.649363][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.655090][T13961] __msan_chain_origin+0x50/0x90 [ 540.660016][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.664593][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.669529][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.674378][T13961] do_syscall_64+0xb0/0x150 [ 540.678865][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.684732][T13961] [ 540.687039][T13961] Uninit was stored to memory at: [ 540.692047][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.697748][T13961] __msan_chain_origin+0x50/0x90 [ 540.702852][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.707435][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.712364][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.717205][T13961] do_syscall_64+0xb0/0x150 [ 540.721698][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.727576][T13961] [ 540.729885][T13961] Uninit was stored to memory at: [ 540.734896][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.740598][T13961] __msan_chain_origin+0x50/0x90 [ 540.745519][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.750094][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.755016][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.759851][T13961] do_syscall_64+0xb0/0x150 [ 540.764343][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.770210][T13961] [ 540.772518][T13961] Uninit was stored to memory at: [ 540.777527][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 540.783227][T13961] __msan_chain_origin+0x50/0x90 [ 540.788147][T13961] do_recvmmsg+0x105a/0x1ee0 [ 540.792723][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 540.797643][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 540.802476][T13961] do_syscall_64+0xb0/0x150 05:28:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 540.806966][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.812835][T13961] [ 540.815144][T13961] Local variable ----msg_sys@do_recvmmsg created at: [ 540.821800][T13961] do_recvmmsg+0xc5/0x1ee0 [ 540.826199][T13961] do_recvmmsg+0xc5/0x1ee0 05:28:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:03 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, 0x0}, 0x0) [ 541.258536][T13992] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 541.422801][T13995] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 541.689774][T13961] not chained 580000 origins [ 541.694414][T13961] CPU: 0 PID: 13961 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 541.703098][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.714195][T13961] Call Trace: [ 541.717491][T13961] dump_stack+0x1df/0x240 [ 541.721830][T13961] kmsan_internal_chain_origin+0x6f/0x130 [ 541.727552][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 541.732667][T13961] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 541.738565][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 541.743862][T13961] ? kmsan_get_metadata+0x11d/0x180 [ 541.749066][T13961] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 541.754879][T13961] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 541.761039][T13961] ? kfree+0x61/0x30f0 [ 541.765118][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 541.770234][T13961] ? kmsan_set_origin_checked+0x95/0xf0 [ 541.775787][T13961] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 541.782388][T13961] ? _copy_from_user+0x15b/0x260 [ 541.787331][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 541.792450][T13961] __msan_chain_origin+0x50/0x90 [ 541.797393][T13961] do_recvmmsg+0x105a/0x1ee0 [ 541.802026][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 541.807315][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 541.812514][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 541.817539][T13961] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 541.823442][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 541.828403][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 541.833277][T13961] do_syscall_64+0xb0/0x150 [ 541.837785][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 541.843675][T13961] RIP: 0033:0x45c1d9 [ 541.847557][T13961] Code: Bad RIP value. [ 541.851617][T13961] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 541.860031][T13961] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 541.868268][T13961] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 541.876246][T13961] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 541.884219][T13961] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 541.892192][T13961] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 541.900174][T13961] Uninit was stored to memory at: [ 541.905293][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 541.911068][T13961] __msan_chain_origin+0x50/0x90 [ 541.916020][T13961] do_recvmmsg+0x105a/0x1ee0 [ 541.920612][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 541.925556][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 541.930409][T13961] do_syscall_64+0xb0/0x150 [ 541.934916][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 541.941000][T13961] [ 541.943320][T13961] Uninit was stored to memory at: [ 541.948358][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 541.954693][T13961] __msan_chain_origin+0x50/0x90 [ 541.959634][T13961] do_recvmmsg+0x105a/0x1ee0 [ 541.964326][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 541.969280][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 541.974151][T13961] do_syscall_64+0xb0/0x150 [ 541.978741][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 541.984623][T13961] [ 541.986943][T13961] Uninit was stored to memory at: [ 541.991974][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 541.997693][T13961] __msan_chain_origin+0x50/0x90 [ 542.002633][T13961] do_recvmmsg+0x105a/0x1ee0 [ 542.007225][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 542.012162][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 542.017017][T13961] do_syscall_64+0xb0/0x150 [ 542.021521][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 542.027404][T13961] [ 542.029723][T13961] Uninit was stored to memory at: [ 542.034764][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 542.040479][T13961] __msan_chain_origin+0x50/0x90 [ 542.045425][T13961] do_recvmmsg+0x105a/0x1ee0 [ 542.050024][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 542.054969][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 542.059836][T13961] do_syscall_64+0xb0/0x150 [ 542.064358][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 542.070238][T13961] [ 542.072558][T13961] Uninit was stored to memory at: [ 542.077691][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 542.083422][T13961] __msan_chain_origin+0x50/0x90 [ 542.088372][T13961] do_recvmmsg+0x105a/0x1ee0 [ 542.093024][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 542.097967][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 542.102825][T13961] do_syscall_64+0xb0/0x150 [ 542.107346][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 542.113235][T13961] [ 542.115674][T13961] Uninit was stored to memory at: [ 542.120708][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 542.126433][T13961] __msan_chain_origin+0x50/0x90 [ 542.131370][T13961] do_recvmmsg+0x105a/0x1ee0 [ 542.135972][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 542.140924][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 542.145793][T13961] do_syscall_64+0xb0/0x150 [ 542.150302][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 542.156183][T13961] [ 542.158504][T13961] Uninit was stored to memory at: [ 542.163537][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 542.169255][T13961] __msan_chain_origin+0x50/0x90 [ 542.174199][T13961] do_recvmmsg+0x105a/0x1ee0 [ 542.178792][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 542.183734][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 542.188598][T13961] do_syscall_64+0xb0/0x150 [ 542.193105][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 542.198975][T13961] [ 542.201290][T13961] Local variable ----msg_sys@do_recvmmsg created at: [ 542.207973][T13961] do_recvmmsg+0xc5/0x1ee0 [ 542.212384][T13961] do_recvmmsg+0xc5/0x1ee0 [ 543.429670][T13961] not chained 590000 origins [ 543.434300][T13961] CPU: 1 PID: 13961 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 543.442967][T13961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.453025][T13961] Call Trace: [ 543.456325][T13961] dump_stack+0x1df/0x240 [ 543.460664][T13961] kmsan_internal_chain_origin+0x6f/0x130 [ 543.466388][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 543.471505][T13961] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 543.477747][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 543.483303][T13961] ? kmsan_get_metadata+0x11d/0x180 [ 543.488597][T13961] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 543.494410][T13961] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 543.500485][T13961] ? kfree+0x61/0x30f0 [ 543.504557][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 543.509700][T13961] ? kmsan_set_origin_checked+0x95/0xf0 [ 543.515426][T13961] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 543.521500][T13961] ? _copy_from_user+0x15b/0x260 [ 543.526442][T13961] ? kmsan_get_metadata+0x4f/0x180 [ 543.531552][T13961] __msan_chain_origin+0x50/0x90 [ 543.536507][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.541135][T13961] ? __msan_poison_alloca+0xf0/0x120 [ 543.546426][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 543.551452][T13961] ? __se_sys_recvmmsg+0xac/0x350 [ 543.556476][T13961] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 543.562372][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.567318][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.572174][T13961] do_syscall_64+0xb0/0x150 [ 543.576677][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.582563][T13961] RIP: 0033:0x45c1d9 [ 543.586445][T13961] Code: Bad RIP value. [ 543.590501][T13961] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 543.598914][T13961] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 543.606967][T13961] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 543.614934][T13961] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 543.622991][T13961] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 543.630972][T13961] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 543.639379][T13961] Uninit was stored to memory at: [ 543.644409][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.650150][T13961] __msan_chain_origin+0x50/0x90 [ 543.655087][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.659816][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.664752][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.669599][T13961] do_syscall_64+0xb0/0x150 [ 543.674104][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.680155][T13961] [ 543.682477][T13961] Uninit was stored to memory at: [ 543.687514][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.693236][T13961] __msan_chain_origin+0x50/0x90 [ 543.698776][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.703459][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.708487][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.713457][T13961] do_syscall_64+0xb0/0x150 [ 543.718067][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.724214][T13961] [ 543.726530][T13961] Uninit was stored to memory at: [ 543.731557][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.737273][T13961] __msan_chain_origin+0x50/0x90 [ 543.742208][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.746794][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.751738][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.757023][T13961] do_syscall_64+0xb0/0x150 [ 543.761816][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.767694][T13961] [ 543.770038][T13961] Uninit was stored to memory at: [ 543.775588][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.781487][T13961] __msan_chain_origin+0x50/0x90 [ 543.786423][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.791094][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.796419][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.801372][T13961] do_syscall_64+0xb0/0x150 [ 543.805884][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.811808][T13961] [ 543.814315][T13961] Uninit was stored to memory at: [ 543.819603][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.825758][T13961] __msan_chain_origin+0x50/0x90 [ 543.830990][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.835694][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.840627][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.845569][T13961] do_syscall_64+0xb0/0x150 [ 543.850255][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.857347][T13961] [ 543.859669][T13961] Uninit was stored to memory at: [ 543.865146][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.871142][T13961] __msan_chain_origin+0x50/0x90 [ 543.876084][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.880675][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.885710][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.890559][T13961] do_syscall_64+0xb0/0x150 [ 543.895065][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.900977][T13961] [ 543.903310][T13961] Uninit was stored to memory at: [ 543.908482][T13961] kmsan_internal_chain_origin+0xad/0x130 [ 543.914302][T13961] __msan_chain_origin+0x50/0x90 [ 543.919251][T13961] do_recvmmsg+0x105a/0x1ee0 [ 543.923842][T13961] __se_sys_recvmmsg+0x1d1/0x350 [ 543.928791][T13961] __x64_sys_recvmmsg+0x62/0x80 [ 543.935040][T13961] do_syscall_64+0xb0/0x150 [ 543.939546][T13961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 543.945719][T13961] [ 543.948166][T13961] Local variable ----msg_sys@do_recvmmsg created at: [ 543.954936][T13961] do_recvmmsg+0xc5/0x1ee0 [ 543.959350][T13961] do_recvmmsg+0xc5/0x1ee0 05:28:06 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:06 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) 05:28:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = pkey_alloc(0x0, 0x0) pkey_free(r3) pkey_free(r3) pkey_mprotect(&(0x7f00003fe000/0xc00000)=nil, 0xc00000, 0x0, r3) pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8, r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:06 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 544.258977][T14019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:06 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, &(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendto$unix(r7, &(0x7f00000002c0)="7f032619e3e5c46aea9e8ce5e9dae19f95c431bb77a72d7e9c7b8d390aa919efa517cbfcfa2892c2ea00e080b5d809af23e68b779e2563fb1946dcd2591fdfb4908026c432041b02db3602b2b797e444159b0ff9f26a88e66162354848c4015ab1abd11d8a13b6ab458e60366b45ce37957e6008dd89a4fa72a3004db1a9017e4048670fd11a24c670343da67ac92580e2", 0x91, 0x4000, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) r8 = dup(r5) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:06 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) 05:28:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 544.588819][T14023] not chained 600000 origins [ 544.593461][T14023] CPU: 0 PID: 14023 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 544.602239][T14023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.612299][T14023] Call Trace: [ 544.615607][T14023] dump_stack+0x1df/0x240 [ 544.619957][T14023] kmsan_internal_chain_origin+0x6f/0x130 [ 544.625871][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 544.631003][T14023] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 544.636913][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 544.642213][T14023] ? kmsan_get_metadata+0x11d/0x180 [ 544.647426][T14023] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 544.653423][T14023] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 544.659521][T14023] ? kfree+0x61/0x30f0 [ 544.663693][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 544.668819][T14023] ? kmsan_set_origin_checked+0x95/0xf0 [ 544.674394][T14023] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 544.680478][T14023] ? _copy_from_user+0x15b/0x260 [ 544.685427][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 544.690556][T14023] __msan_chain_origin+0x50/0x90 [ 544.695510][T14023] do_recvmmsg+0x105a/0x1ee0 [ 544.700136][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 544.705419][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 544.710431][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 544.715444][T14023] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 544.721330][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 544.726268][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 544.731110][T14023] do_syscall_64+0xb0/0x150 [ 544.735603][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.741488][T14023] RIP: 0033:0x45c1d9 [ 544.745385][T14023] Code: Bad RIP value. [ 544.749518][T14023] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 544.758150][T14023] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 544.766144][T14023] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 544.774118][T14023] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 544.782182][T14023] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 544.790135][T14023] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 544.798096][T14023] Uninit was stored to memory at: [ 544.803345][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 544.809254][T14023] __msan_chain_origin+0x50/0x90 [ 544.815024][T14023] do_recvmmsg+0x105a/0x1ee0 [ 544.819742][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 544.824677][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 544.829514][T14023] do_syscall_64+0xb0/0x150 [ 544.834015][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.839892][T14023] [ 544.842211][T14023] Uninit was stored to memory at: [ 544.847230][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 544.852936][T14023] __msan_chain_origin+0x50/0x90 [ 544.857969][T14023] do_recvmmsg+0x105a/0x1ee0 [ 544.862639][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 544.868126][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 544.872974][T14023] do_syscall_64+0xb0/0x150 [ 544.877568][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.883476][T14023] [ 544.885807][T14023] Uninit was stored to memory at: [ 544.890832][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 544.896543][T14023] __msan_chain_origin+0x50/0x90 [ 544.901472][T14023] do_recvmmsg+0x105a/0x1ee0 [ 544.906045][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 544.910990][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 544.915837][T14023] do_syscall_64+0xb0/0x150 [ 544.920352][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.926227][T14023] [ 544.928539][T14023] Uninit was stored to memory at: [ 544.933554][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 544.939342][T14023] __msan_chain_origin+0x50/0x90 [ 544.944814][T14023] do_recvmmsg+0x105a/0x1ee0 [ 544.949409][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 544.954342][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 544.968314][T14023] do_syscall_64+0xb0/0x150 [ 544.972909][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 544.978951][T14023] [ 544.981257][T14023] Uninit was stored to memory at: [ 544.986265][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 544.992058][T14023] __msan_chain_origin+0x50/0x90 [ 544.997013][T14023] do_recvmmsg+0x105a/0x1ee0 [ 545.001595][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 545.006524][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 545.011376][T14023] do_syscall_64+0xb0/0x150 [ 545.015872][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 545.021738][T14023] [ 545.024068][T14023] Uninit was stored to memory at: [ 545.029971][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 545.036125][T14023] __msan_chain_origin+0x50/0x90 [ 545.041323][T14023] do_recvmmsg+0x105a/0x1ee0 [ 545.045908][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 545.050833][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 545.055692][T14023] do_syscall_64+0xb0/0x150 [ 545.060275][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 545.067891][T14023] [ 545.070207][T14023] Uninit was stored to memory at: [ 545.075234][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 545.080945][T14023] __msan_chain_origin+0x50/0x90 [ 545.085871][T14023] do_recvmmsg+0x105a/0x1ee0 05:28:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 545.090563][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 545.095581][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 545.100437][T14023] do_syscall_64+0xb0/0x150 [ 545.104930][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 545.110796][T14023] [ 545.113191][T14023] Local variable ----msg_sys@do_recvmmsg created at: [ 545.119938][T14023] do_recvmmsg+0xc5/0x1ee0 [ 545.124338][T14023] do_recvmmsg+0xc5/0x1ee0 [ 545.358738][T14044] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:07 executing program 5: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) [ 545.768381][T14023] not chained 610000 origins [ 545.773020][T14023] CPU: 1 PID: 14023 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 545.781691][T14023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.791840][T14023] Call Trace: [ 545.795149][T14023] dump_stack+0x1df/0x240 [ 545.799576][T14023] kmsan_internal_chain_origin+0x6f/0x130 [ 545.805303][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 545.810421][T14023] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 545.816323][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 545.821644][T14023] ? kmsan_get_metadata+0x11d/0x180 [ 545.826852][T14023] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 545.832667][T14023] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 545.838755][T14023] ? kfree+0x61/0x30f0 [ 545.842839][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 545.848032][T14023] ? kmsan_set_origin_checked+0x95/0xf0 [ 545.853592][T14023] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 545.859677][T14023] ? _copy_from_user+0x15b/0x260 [ 545.864805][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 545.870191][T14023] __msan_chain_origin+0x50/0x90 [ 545.875236][T14023] do_recvmmsg+0x105a/0x1ee0 [ 545.879871][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 545.885254][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 545.890289][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 545.895318][T14023] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 545.901224][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 545.906216][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 545.911166][T14023] do_syscall_64+0xb0/0x150 [ 545.915684][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 545.921578][T14023] RIP: 0033:0x45c1d9 [ 545.925464][T14023] Code: Bad RIP value. [ 545.929623][T14023] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 545.939340][T14023] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 545.947316][T14023] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 545.955465][T14023] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 545.963441][T14023] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 545.971518][T14023] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 545.979680][T14023] Uninit was stored to memory at: [ 545.984757][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 545.990487][T14023] __msan_chain_origin+0x50/0x90 [ 545.995441][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.000119][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.005053][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.009912][T14023] do_syscall_64+0xb0/0x150 [ 546.014524][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.020489][T14023] [ 546.022812][T14023] Uninit was stored to memory at: [ 546.027843][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.033566][T14023] __msan_chain_origin+0x50/0x90 [ 546.038512][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.043121][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.048064][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.052927][T14023] do_syscall_64+0xb0/0x150 [ 546.057477][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.063363][T14023] [ 546.065693][T14023] Uninit was stored to memory at: [ 546.070732][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.076458][T14023] __msan_chain_origin+0x50/0x90 [ 546.081408][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.086006][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.090945][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.095804][T14023] do_syscall_64+0xb0/0x150 [ 546.100315][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.106195][T14023] [ 546.108519][T14023] Uninit was stored to memory at: [ 546.113585][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.119398][T14023] __msan_chain_origin+0x50/0x90 [ 546.124869][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.129474][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.134503][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.139359][T14023] do_syscall_64+0xb0/0x150 [ 546.143872][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.149789][T14023] [ 546.152229][T14023] Uninit was stored to memory at: [ 546.157254][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.162983][T14023] __msan_chain_origin+0x50/0x90 [ 546.167925][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.172523][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.177461][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.182316][T14023] do_syscall_64+0xb0/0x150 [ 546.186849][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.192822][T14023] [ 546.195154][T14023] Uninit was stored to memory at: [ 546.200181][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.207289][T14023] __msan_chain_origin+0x50/0x90 [ 546.212319][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.216912][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.221850][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.226735][T14023] do_syscall_64+0xb0/0x150 [ 546.231332][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.237301][T14023] [ 546.239621][T14023] Uninit was stored to memory at: [ 546.244649][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.251620][T14023] __msan_chain_origin+0x50/0x90 [ 546.256910][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.261515][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.269071][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.274053][T14023] do_syscall_64+0xb0/0x150 [ 546.279013][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.285039][T14023] [ 546.287460][T14023] Local variable ----msg_sys@do_recvmmsg created at: [ 546.294317][T14023] do_recvmmsg+0xc5/0x1ee0 [ 546.298744][T14023] do_recvmmsg+0xc5/0x1ee0 [ 546.554776][T14023] not chained 620000 origins [ 546.559503][T14023] CPU: 0 PID: 14023 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 546.568266][T14023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.581098][T14023] Call Trace: [ 546.585005][T14023] dump_stack+0x1df/0x240 [ 546.589530][T14023] kmsan_internal_chain_origin+0x6f/0x130 [ 546.595299][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 546.600422][T14023] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 546.606326][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 546.611622][T14023] ? kmsan_get_metadata+0x11d/0x180 [ 546.616830][T14023] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 546.622642][T14023] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 546.628718][T14023] ? kfree+0x61/0x30f0 [ 546.632800][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 546.637931][T14023] ? kmsan_set_origin_checked+0x95/0xf0 [ 546.643661][T14023] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 546.652216][T14023] ? _copy_from_user+0x15b/0x260 [ 546.657254][T14023] ? kmsan_get_metadata+0x4f/0x180 [ 546.662561][T14023] __msan_chain_origin+0x50/0x90 [ 546.675600][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.680244][T14023] ? __msan_poison_alloca+0xf0/0x120 [ 546.685547][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 546.690788][T14023] ? __se_sys_recvmmsg+0xac/0x350 [ 546.695834][T14023] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 546.701747][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.706713][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.711573][T14023] do_syscall_64+0xb0/0x150 [ 546.716100][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.722114][T14023] RIP: 0033:0x45c1d9 [ 546.726019][T14023] Code: Bad RIP value. [ 546.730091][T14023] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 546.738509][T14023] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 546.746491][T14023] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 546.755475][T14023] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 546.763637][T14023] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 546.771619][T14023] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 546.779781][T14023] Uninit was stored to memory at: [ 546.784870][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.790596][T14023] __msan_chain_origin+0x50/0x90 [ 546.795548][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.800185][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.805182][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.810043][T14023] do_syscall_64+0xb0/0x150 [ 546.814556][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.820436][T14023] [ 546.822753][T14023] Uninit was stored to memory at: [ 546.829260][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.834990][T14023] __msan_chain_origin+0x50/0x90 [ 546.840026][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.844636][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.849587][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.854538][T14023] do_syscall_64+0xb0/0x150 [ 546.859051][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.864978][T14023] [ 546.867299][T14023] Uninit was stored to memory at: [ 546.872328][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.878090][T14023] __msan_chain_origin+0x50/0x90 [ 546.883037][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.887807][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.892756][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.897619][T14023] do_syscall_64+0xb0/0x150 [ 546.902134][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.908111][T14023] [ 546.910436][T14023] Uninit was stored to memory at: [ 546.915472][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.921287][T14023] __msan_chain_origin+0x50/0x90 [ 546.926234][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.931020][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.936059][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.940918][T14023] do_syscall_64+0xb0/0x150 [ 546.945431][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.951503][T14023] [ 546.953829][T14023] Uninit was stored to memory at: [ 546.958864][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 546.964677][T14023] __msan_chain_origin+0x50/0x90 [ 546.969643][T14023] do_recvmmsg+0x105a/0x1ee0 [ 546.974260][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 546.979380][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 546.984329][T14023] do_syscall_64+0xb0/0x150 [ 546.988834][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 546.994715][T14023] [ 546.997040][T14023] Uninit was stored to memory at: [ 547.002070][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 547.007798][T14023] __msan_chain_origin+0x50/0x90 [ 547.012740][T14023] do_recvmmsg+0x105a/0x1ee0 [ 547.017334][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 547.022278][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 547.027306][T14023] do_syscall_64+0xb0/0x150 [ 547.032086][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 547.038010][T14023] [ 547.040345][T14023] Uninit was stored to memory at: [ 547.045384][T14023] kmsan_internal_chain_origin+0xad/0x130 [ 547.051203][T14023] __msan_chain_origin+0x50/0x90 [ 547.056158][T14023] do_recvmmsg+0x105a/0x1ee0 [ 547.060773][T14023] __se_sys_recvmmsg+0x1d1/0x350 [ 547.065723][T14023] __x64_sys_recvmmsg+0x62/0x80 [ 547.072161][T14023] do_syscall_64+0xb0/0x150 [ 547.076970][T14023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 547.083780][T14023] [ 547.086113][T14023] Local variable ----msg_sys@do_recvmmsg created at: [ 547.092942][T14023] do_recvmmsg+0xc5/0x1ee0 [ 547.097375][T14023] do_recvmmsg+0xc5/0x1ee0 05:28:09 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:09 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x3f, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @mcast1}]}, 0x2c}}, 0x4044004) 05:28:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x400000b1]}) 05:28:09 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) [ 547.634744][T14061] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 547.821053][T14076] not chained 630000 origins [ 547.825689][T14076] CPU: 0 PID: 14076 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 547.835322][T14076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.845374][T14076] Call Trace: [ 547.848670][T14076] dump_stack+0x1df/0x240 [ 547.853001][T14076] kmsan_internal_chain_origin+0x6f/0x130 [ 547.859772][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 547.864879][T14076] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 547.870767][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 547.876060][T14076] ? kmsan_get_metadata+0x11d/0x180 [ 547.881251][T14076] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 547.887130][T14076] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 547.893215][T14076] ? kfree+0x61/0x30f0 [ 547.897362][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 547.902474][T14076] ? kmsan_set_origin_checked+0x95/0xf0 [ 547.908181][T14076] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 547.914331][T14076] ? _copy_from_user+0x15b/0x260 [ 547.919254][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 547.924487][T14076] __msan_chain_origin+0x50/0x90 [ 547.929422][T14076] do_recvmmsg+0x105a/0x1ee0 [ 547.934486][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 547.939807][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 547.944831][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 547.950088][T14076] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 547.955983][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 547.960942][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 547.965814][T14076] do_syscall_64+0xb0/0x150 [ 547.970319][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 547.976203][T14076] RIP: 0033:0x45c1d9 [ 547.980087][T14076] Code: Bad RIP value. [ 547.984148][T14076] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 547.992560][T14076] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 548.000526][T14076] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 548.008575][T14076] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 548.016619][T14076] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 548.024578][T14076] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 548.032658][T14076] Uninit was stored to memory at: [ 548.037681][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.043416][T14076] __msan_chain_origin+0x50/0x90 [ 548.048355][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.052942][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.057870][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.062710][T14076] do_syscall_64+0xb0/0x150 [ 548.067201][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.073191][T14076] [ 548.075507][T14076] Uninit was stored to memory at: [ 548.080527][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.086232][T14076] __msan_chain_origin+0x50/0x90 [ 548.091179][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.095763][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.100709][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.105566][T14076] do_syscall_64+0xb0/0x150 [ 548.110057][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.115962][T14076] [ 548.118275][T14076] Uninit was stored to memory at: [ 548.123289][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.128997][T14076] __msan_chain_origin+0x50/0x90 [ 548.133921][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.138496][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.143418][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.148257][T14076] do_syscall_64+0xb0/0x150 [ 548.152746][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.158614][T14076] [ 548.160924][T14076] Uninit was stored to memory at: [ 548.165934][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.171652][T14076] __msan_chain_origin+0x50/0x90 [ 548.176580][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.181164][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.186092][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.190932][T14076] do_syscall_64+0xb0/0x150 [ 548.195424][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.201291][T14076] [ 548.203601][T14076] Uninit was stored to memory at: [ 548.208630][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.214340][T14076] __msan_chain_origin+0x50/0x90 [ 548.219265][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.223845][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.228770][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.233605][T14076] do_syscall_64+0xb0/0x150 [ 548.238093][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.243961][T14076] [ 548.246269][T14076] Uninit was stored to memory at: [ 548.251298][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.257008][T14076] __msan_chain_origin+0x50/0x90 [ 548.261934][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.266510][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.271557][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 548.276400][T14076] do_syscall_64+0xb0/0x150 [ 548.280893][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.286763][T14076] [ 548.289075][T14076] Uninit was stored to memory at: [ 548.294084][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 548.299786][T14076] __msan_chain_origin+0x50/0x90 [ 548.304709][T14076] do_recvmmsg+0x105a/0x1ee0 [ 548.309290][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 548.314231][T14076] __x64_sys_recvmmsg+0x62/0x80 05:28:10 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 548.319068][T14076] do_syscall_64+0xb0/0x150 [ 548.323654][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 548.329536][T14076] [ 548.331846][T14076] Local variable ----msg_sys@do_recvmmsg created at: [ 548.338511][T14076] do_recvmmsg+0xc5/0x1ee0 [ 548.342941][T14076] do_recvmmsg+0xc5/0x1ee0 05:28:10 executing program 5: 05:28:10 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:10 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:10 executing program 5: [ 548.747942][T14083] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 549.153413][T14076] not chained 640000 origins [ 549.158056][T14076] CPU: 1 PID: 14076 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 549.166726][T14076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 549.176789][T14076] Call Trace: [ 549.180084][T14076] dump_stack+0x1df/0x240 [ 549.184424][T14076] kmsan_internal_chain_origin+0x6f/0x130 [ 549.190149][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 549.195360][T14076] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 549.201290][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 549.206584][T14076] ? kmsan_get_metadata+0x11d/0x180 [ 549.211792][T14076] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 549.217607][T14076] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 549.224382][T14076] ? kfree+0x61/0x30f0 [ 549.228457][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 549.233577][T14076] ? kmsan_set_origin_checked+0x95/0xf0 [ 549.239125][T14076] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 549.245198][T14076] ? _copy_from_user+0x15b/0x260 [ 549.250136][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 549.255255][T14076] __msan_chain_origin+0x50/0x90 [ 549.260327][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.264968][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 549.270263][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 549.275295][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 549.280322][T14076] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 549.286220][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.291255][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.296112][T14076] do_syscall_64+0xb0/0x150 [ 549.300625][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.306517][T14076] RIP: 0033:0x45c1d9 [ 549.310401][T14076] Code: Bad RIP value. [ 549.314551][T14076] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 549.322966][T14076] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 549.330936][T14076] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 549.338913][T14076] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 549.346982][T14076] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 549.355085][T14076] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 549.363073][T14076] Uninit was stored to memory at: [ 549.368108][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.373832][T14076] __msan_chain_origin+0x50/0x90 [ 549.378768][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.383361][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.388990][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.393842][T14076] do_syscall_64+0xb0/0x150 [ 549.398350][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.404338][T14076] [ 549.406670][T14076] Uninit was stored to memory at: [ 549.411701][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.417437][T14076] __msan_chain_origin+0x50/0x90 [ 549.422382][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.427239][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.432201][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.437066][T14076] do_syscall_64+0xb0/0x150 [ 549.441582][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.447605][T14076] [ 549.450023][T14076] Uninit was stored to memory at: [ 549.455067][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.460916][T14076] __msan_chain_origin+0x50/0x90 [ 549.465881][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.470480][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.475436][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.480292][T14076] do_syscall_64+0xb0/0x150 [ 549.484815][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.490703][T14076] [ 549.493029][T14076] Uninit was stored to memory at: [ 549.498062][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.503790][T14076] __msan_chain_origin+0x50/0x90 [ 549.508733][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.513336][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.518375][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.523272][T14076] do_syscall_64+0xb0/0x150 [ 549.527987][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.533877][T14076] [ 549.536201][T14076] Uninit was stored to memory at: [ 549.541362][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.547091][T14076] __msan_chain_origin+0x50/0x90 [ 549.552037][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.556631][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.561569][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.566431][T14076] do_syscall_64+0xb0/0x150 [ 549.570953][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.576858][T14076] [ 549.579183][T14076] Uninit was stored to memory at: [ 549.584218][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.589949][T14076] __msan_chain_origin+0x50/0x90 [ 549.594899][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.599493][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.604568][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.609430][T14076] do_syscall_64+0xb0/0x150 [ 549.614034][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.619915][T14076] [ 549.622238][T14076] Uninit was stored to memory at: [ 549.627446][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 549.633171][T14076] __msan_chain_origin+0x50/0x90 [ 549.638285][T14076] do_recvmmsg+0x105a/0x1ee0 [ 549.642881][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 549.647828][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 549.652865][T14076] do_syscall_64+0xb0/0x150 [ 549.657369][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 549.663249][T14076] [ 549.665574][T14076] Local variable ----msg_sys@do_recvmmsg created at: [ 549.672379][T14076] do_recvmmsg+0xc5/0x1ee0 [ 549.676794][T14076] do_recvmmsg+0xc5/0x1ee0 [ 550.364809][T14076] not chained 650000 origins [ 550.369557][T14076] CPU: 0 PID: 14076 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 550.378231][T14076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.388297][T14076] Call Trace: [ 550.391615][T14076] dump_stack+0x1df/0x240 [ 550.395957][T14076] kmsan_internal_chain_origin+0x6f/0x130 [ 550.402292][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 550.407419][T14076] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 550.413324][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 550.418635][T14076] ? kmsan_get_metadata+0x11d/0x180 [ 550.423843][T14076] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 550.429658][T14076] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 550.435735][T14076] ? kfree+0x61/0x30f0 [ 550.439904][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 550.445025][T14076] ? kmsan_set_origin_checked+0x95/0xf0 [ 550.450582][T14076] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 550.456660][T14076] ? _copy_from_user+0x15b/0x260 [ 550.461610][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 550.466734][T14076] __msan_chain_origin+0x50/0x90 [ 550.471781][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.476420][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 550.481809][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 550.486845][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 550.491881][T14076] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 550.497792][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.502753][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.507617][T14076] do_syscall_64+0xb0/0x150 [ 550.512140][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.518033][T14076] RIP: 0033:0x45c1d9 [ 550.522012][T14076] Code: Bad RIP value. [ 550.526079][T14076] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 550.534495][T14076] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 550.542475][T14076] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 550.550454][T14076] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 550.558428][T14076] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 550.566408][T14076] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 550.574396][T14076] Uninit was stored to memory at: [ 550.579569][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.585299][T14076] __msan_chain_origin+0x50/0x90 [ 550.590243][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.594840][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.599779][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.604727][T14076] do_syscall_64+0xb0/0x150 [ 550.609234][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.615114][T14076] [ 550.617435][T14076] Uninit was stored to memory at: [ 550.622466][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.628197][T14076] __msan_chain_origin+0x50/0x90 [ 550.633143][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.637745][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.642709][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.647563][T14076] do_syscall_64+0xb0/0x150 [ 550.652076][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.657965][T14076] [ 550.660297][T14076] Uninit was stored to memory at: [ 550.665419][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.671129][T14076] __msan_chain_origin+0x50/0x90 [ 550.676150][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.680728][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.685657][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.690621][T14076] do_syscall_64+0xb0/0x150 [ 550.695109][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.700981][T14076] [ 550.703296][T14076] Uninit was stored to memory at: [ 550.708479][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.714195][T14076] __msan_chain_origin+0x50/0x90 [ 550.719116][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.723690][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.728613][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.733548][T14076] do_syscall_64+0xb0/0x150 [ 550.738040][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.743906][T14076] [ 550.746227][T14076] Uninit was stored to memory at: [ 550.751241][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.756944][T14076] __msan_chain_origin+0x50/0x90 [ 550.761868][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.766441][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.771364][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.776201][T14076] do_syscall_64+0xb0/0x150 [ 550.780702][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.786568][T14076] [ 550.788881][T14076] Uninit was stored to memory at: [ 550.793889][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.799592][T14076] __msan_chain_origin+0x50/0x90 [ 550.804602][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.809363][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.814300][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.819141][T14076] do_syscall_64+0xb0/0x150 [ 550.823639][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.829530][T14076] [ 550.831839][T14076] Uninit was stored to memory at: [ 550.836853][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 550.842572][T14076] __msan_chain_origin+0x50/0x90 [ 550.847493][T14076] do_recvmmsg+0x105a/0x1ee0 [ 550.852065][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 550.856990][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 550.861824][T14076] do_syscall_64+0xb0/0x150 [ 550.866323][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.872187][T14076] [ 550.874660][T14076] Local variable ----msg_sys@do_recvmmsg created at: [ 550.881336][T14076] do_recvmmsg+0xc5/0x1ee0 [ 550.885747][T14076] do_recvmmsg+0xc5/0x1ee0 [ 551.199452][T14076] not chained 660000 origins [ 551.207031][T14076] CPU: 0 PID: 14076 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 551.215698][T14076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.225753][T14076] Call Trace: [ 551.229058][T14076] dump_stack+0x1df/0x240 [ 551.233409][T14076] kmsan_internal_chain_origin+0x6f/0x130 [ 551.239134][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 551.244253][T14076] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 551.250162][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 551.255461][T14076] ? kmsan_get_metadata+0x11d/0x180 [ 551.260776][T14076] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 551.266588][T14076] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 551.272657][T14076] ? kfree+0x61/0x30f0 [ 551.284123][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 551.289244][T14076] ? kmsan_set_origin_checked+0x95/0xf0 [ 551.294802][T14076] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 551.300889][T14076] ? _copy_from_user+0x15b/0x260 [ 551.305833][T14076] ? kmsan_get_metadata+0x4f/0x180 [ 551.311121][T14076] __msan_chain_origin+0x50/0x90 [ 551.316065][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.320697][T14076] ? __msan_poison_alloca+0xf0/0x120 [ 551.325993][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 551.331022][T14076] ? __se_sys_recvmmsg+0xac/0x350 [ 551.336060][T14076] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 551.341961][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.346912][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.351768][T14076] do_syscall_64+0xb0/0x150 [ 551.356276][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.362164][T14076] RIP: 0033:0x45c1d9 [ 551.366052][T14076] Code: Bad RIP value. [ 551.370112][T14076] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 551.378527][T14076] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 551.386500][T14076] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 551.394470][T14076] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 551.402440][T14076] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 551.410414][T14076] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 551.418398][T14076] Uninit was stored to memory at: [ 551.423424][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.429137][T14076] __msan_chain_origin+0x50/0x90 [ 551.434082][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.438676][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.443611][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.448460][T14076] do_syscall_64+0xb0/0x150 [ 551.452962][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.458841][T14076] [ 551.461160][T14076] Uninit was stored to memory at: [ 551.466288][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.472011][T14076] __msan_chain_origin+0x50/0x90 [ 551.476948][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.481627][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.486572][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.491424][T14076] do_syscall_64+0xb0/0x150 [ 551.495941][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.501827][T14076] [ 551.504147][T14076] Uninit was stored to memory at: [ 551.509175][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.514907][T14076] __msan_chain_origin+0x50/0x90 [ 551.519845][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.524433][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.529367][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.534224][T14076] do_syscall_64+0xb0/0x150 [ 551.538729][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.544609][T14076] [ 551.546924][T14076] Uninit was stored to memory at: [ 551.551949][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.557671][T14076] __msan_chain_origin+0x50/0x90 [ 551.562614][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.567206][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.572145][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.577017][T14076] do_syscall_64+0xb0/0x150 [ 551.581518][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.587389][T14076] [ 551.589706][T14076] Uninit was stored to memory at: [ 551.594732][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.600457][T14076] __msan_chain_origin+0x50/0x90 [ 551.605390][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.609990][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.614926][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.619774][T14076] do_syscall_64+0xb0/0x150 [ 551.624284][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.630161][T14076] [ 551.632480][T14076] Uninit was stored to memory at: [ 551.637502][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.643225][T14076] __msan_chain_origin+0x50/0x90 [ 551.648158][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.652745][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.657678][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.662529][T14076] do_syscall_64+0xb0/0x150 [ 551.667289][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.673166][T14076] [ 551.675481][T14076] Uninit was stored to memory at: [ 551.680502][T14076] kmsan_internal_chain_origin+0xad/0x130 [ 551.686224][T14076] __msan_chain_origin+0x50/0x90 [ 551.691267][T14076] do_recvmmsg+0x105a/0x1ee0 [ 551.695859][T14076] __se_sys_recvmmsg+0x1d1/0x350 [ 551.700831][T14076] __x64_sys_recvmmsg+0x62/0x80 [ 551.705689][T14076] do_syscall_64+0xb0/0x150 [ 551.710189][T14076] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 551.716249][T14076] [ 551.718569][T14076] Local variable ----msg_sys@do_recvmmsg created at: [ 551.725242][T14076] do_recvmmsg+0xc5/0x1ee0 [ 551.729651][T14076] do_recvmmsg+0xc5/0x1ee0 05:28:13 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:13 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000040)=0x6) 05:28:13 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:13 executing program 5: 05:28:14 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 551.958649][T14102] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:14 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:14 executing program 5: 05:28:14 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040)) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:14 executing program 5: [ 552.456054][T14119] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:14 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r6, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r6) ioctl$SNDRV_PCM_IOCTL_STATUS64(r6, 0x80984120, &(0x7f00000002c0)) [ 552.664382][T14109] not chained 670000 origins [ 552.669368][T14109] CPU: 1 PID: 14109 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 552.678131][T14109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 552.688276][T14109] Call Trace: [ 552.691580][T14109] dump_stack+0x1df/0x240 [ 552.695919][T14109] kmsan_internal_chain_origin+0x6f/0x130 [ 552.701640][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 552.706755][T14109] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 552.712664][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 552.717957][T14109] ? kmsan_get_metadata+0x11d/0x180 [ 552.723164][T14109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 552.728976][T14109] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 552.735033][T14109] ? kfree+0x61/0x30f0 [ 552.739092][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 552.744202][T14109] ? kmsan_set_origin_checked+0x95/0xf0 [ 552.749754][T14109] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 552.755819][T14109] ? _copy_from_user+0x15b/0x260 [ 552.760740][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 552.765932][T14109] __msan_chain_origin+0x50/0x90 [ 552.770861][T14109] do_recvmmsg+0x105a/0x1ee0 [ 552.776267][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 552.781568][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 552.786582][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 552.791600][T14109] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 552.797487][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 552.802418][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 552.807260][T14109] do_syscall_64+0xb0/0x150 [ 552.811753][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 552.817629][T14109] RIP: 0033:0x45c1d9 [ 552.821506][T14109] Code: Bad RIP value. [ 552.825567][T14109] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 552.833962][T14109] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 552.841921][T14109] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 552.849946][T14109] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 552.857901][T14109] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 552.865952][T14109] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 552.873915][T14109] Uninit was stored to memory at: [ 552.878928][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 552.884629][T14109] __msan_chain_origin+0x50/0x90 [ 552.889550][T14109] do_recvmmsg+0x105a/0x1ee0 [ 552.894122][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 552.899147][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 552.903995][T14109] do_syscall_64+0xb0/0x150 [ 552.908498][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 552.914467][T14109] [ 552.916778][T14109] Uninit was stored to memory at: [ 552.921790][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 552.927495][T14109] __msan_chain_origin+0x50/0x90 [ 552.932418][T14109] do_recvmmsg+0x105a/0x1ee0 [ 552.936998][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 552.942009][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 552.946843][T14109] do_syscall_64+0xb0/0x150 [ 552.951421][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 552.957379][T14109] [ 552.959694][T14109] Uninit was stored to memory at: [ 552.964728][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 552.970611][T14109] __msan_chain_origin+0x50/0x90 [ 552.975538][T14109] do_recvmmsg+0x105a/0x1ee0 [ 552.980127][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 552.985053][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 552.989892][T14109] do_syscall_64+0xb0/0x150 [ 552.994382][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.000252][T14109] [ 553.002595][T14109] Uninit was stored to memory at: [ 553.007612][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.013466][T14109] __msan_chain_origin+0x50/0x90 [ 553.018415][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.022998][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.027937][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.032881][T14109] do_syscall_64+0xb0/0x150 [ 553.037383][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.043256][T14109] [ 553.045569][T14109] Uninit was stored to memory at: [ 553.050604][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.056313][T14109] __msan_chain_origin+0x50/0x90 [ 553.061236][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.065837][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.070783][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.075630][T14109] do_syscall_64+0xb0/0x150 [ 553.080161][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.086036][T14109] [ 553.088349][T14109] Uninit was stored to memory at: [ 553.093362][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.099071][T14109] __msan_chain_origin+0x50/0x90 [ 553.103995][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.108569][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.113493][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.118522][T14109] do_syscall_64+0xb0/0x150 [ 553.123021][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.128903][T14109] [ 553.131224][T14109] Uninit was stored to memory at: [ 553.136242][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.142047][T14109] __msan_chain_origin+0x50/0x90 [ 553.146971][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.151550][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.156472][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.161310][T14109] do_syscall_64+0xb0/0x150 [ 553.165801][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.171670][T14109] [ 553.173981][T14109] Local variable ----msg_sys@do_recvmmsg created at: [ 553.180663][T14109] do_recvmmsg+0xc5/0x1ee0 [ 553.185074][T14109] do_recvmmsg+0xc5/0x1ee0 [ 553.583560][T14109] not chained 680000 origins [ 553.588321][T14109] CPU: 0 PID: 14109 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 553.597001][T14109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 553.607065][T14109] Call Trace: [ 553.610374][T14109] dump_stack+0x1df/0x240 [ 553.614723][T14109] kmsan_internal_chain_origin+0x6f/0x130 [ 553.620471][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 553.625598][T14109] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 553.631504][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 553.636806][T14109] ? kmsan_get_metadata+0x11d/0x180 [ 553.642025][T14109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 553.647931][T14109] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 553.654020][T14109] ? kfree+0x61/0x30f0 [ 553.658108][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 553.663228][T14109] ? kmsan_set_origin_checked+0x95/0xf0 [ 553.668783][T14109] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 553.674865][T14109] ? _copy_from_user+0x15b/0x260 [ 553.679820][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 553.684943][T14109] __msan_chain_origin+0x50/0x90 [ 553.689901][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.694531][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 553.699826][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 553.704843][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 553.709901][T14109] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 553.715786][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.720904][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.725759][T14109] do_syscall_64+0xb0/0x150 [ 553.730258][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.736221][T14109] RIP: 0033:0x45c1d9 [ 553.740093][T14109] Code: Bad RIP value. [ 553.745097][T14109] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 553.753496][T14109] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 553.761454][T14109] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 553.769412][T14109] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 553.777370][T14109] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 553.785338][T14109] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 553.793307][T14109] Uninit was stored to memory at: [ 553.798325][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.804066][T14109] __msan_chain_origin+0x50/0x90 [ 553.809006][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.813601][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.818532][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.823372][T14109] do_syscall_64+0xb0/0x150 [ 553.827869][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.834713][T14109] [ 553.837033][T14109] Uninit was stored to memory at: [ 553.842138][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.847847][T14109] __msan_chain_origin+0x50/0x90 [ 553.852773][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.857352][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.862277][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.867305][T14109] do_syscall_64+0xb0/0x150 [ 553.871904][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.877774][T14109] [ 553.880082][T14109] Uninit was stored to memory at: [ 553.885223][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.890944][T14109] __msan_chain_origin+0x50/0x90 [ 553.895876][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.900455][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.905379][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.910357][T14109] do_syscall_64+0xb0/0x150 [ 553.914870][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.920833][T14109] [ 553.923148][T14109] Uninit was stored to memory at: [ 553.928373][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.934081][T14109] __msan_chain_origin+0x50/0x90 [ 553.939011][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.943588][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.948512][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.953350][T14109] do_syscall_64+0xb0/0x150 [ 553.957839][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 553.963709][T14109] [ 553.966078][T14109] Uninit was stored to memory at: [ 553.971092][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 553.976801][T14109] __msan_chain_origin+0x50/0x90 [ 553.981835][T14109] do_recvmmsg+0x105a/0x1ee0 [ 553.986508][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 553.991441][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 553.996286][T14109] do_syscall_64+0xb0/0x150 [ 554.000807][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.006679][T14109] [ 554.008998][T14109] Uninit was stored to memory at: [ 554.014139][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.019855][T14109] __msan_chain_origin+0x50/0x90 [ 554.024788][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.029368][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.034310][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.039162][T14109] do_syscall_64+0xb0/0x150 [ 554.043664][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.049624][T14109] [ 554.051940][T14109] Uninit was stored to memory at: [ 554.056968][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.062696][T14109] __msan_chain_origin+0x50/0x90 [ 554.067803][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.072476][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.077405][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.082244][T14109] do_syscall_64+0xb0/0x150 [ 554.086737][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.092605][T14109] [ 554.094940][T14109] Local variable ----msg_sys@do_recvmmsg created at: [ 554.101625][T14109] do_recvmmsg+0xc5/0x1ee0 [ 554.106035][T14109] do_recvmmsg+0xc5/0x1ee0 [ 554.314177][T14109] not chained 690000 origins [ 554.318822][T14109] CPU: 0 PID: 14109 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 554.327578][T14109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 554.337640][T14109] Call Trace: [ 554.340962][T14109] dump_stack+0x1df/0x240 [ 554.345301][T14109] kmsan_internal_chain_origin+0x6f/0x130 [ 554.351118][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 554.356240][T14109] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 554.362208][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 554.367503][T14109] ? kmsan_get_metadata+0x11d/0x180 [ 554.375317][T14109] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 554.381137][T14109] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 554.387213][T14109] ? kfree+0x61/0x30f0 [ 554.391305][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 554.396428][T14109] ? kmsan_set_origin_checked+0x95/0xf0 [ 554.401986][T14109] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 554.408073][T14109] ? _copy_from_user+0x15b/0x260 [ 554.413018][T14109] ? kmsan_get_metadata+0x4f/0x180 [ 554.418152][T14109] __msan_chain_origin+0x50/0x90 [ 554.423103][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.427732][T14109] ? __msan_poison_alloca+0xf0/0x120 [ 554.433035][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 554.438069][T14109] ? __se_sys_recvmmsg+0xac/0x350 [ 554.443108][T14109] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 554.449012][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.453967][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.458836][T14109] do_syscall_64+0xb0/0x150 [ 554.463357][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.469248][T14109] RIP: 0033:0x45c1d9 [ 554.473138][T14109] Code: Bad RIP value. [ 554.477201][T14109] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 554.486234][T14109] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 554.494247][T14109] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 554.502232][T14109] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 554.510209][T14109] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 554.518188][T14109] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 554.526176][T14109] Uninit was stored to memory at: [ 554.531216][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.536942][T14109] __msan_chain_origin+0x50/0x90 [ 554.541883][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.546496][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.551444][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.556477][T14109] do_syscall_64+0xb0/0x150 [ 554.560992][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.566876][T14109] [ 554.569197][T14109] Uninit was stored to memory at: [ 554.574402][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.580134][T14109] __msan_chain_origin+0x50/0x90 [ 554.585081][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.589689][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.594633][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.599491][T14109] do_syscall_64+0xb0/0x150 [ 554.604006][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.609976][T14109] [ 554.612301][T14109] Uninit was stored to memory at: [ 554.617334][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.623056][T14109] __msan_chain_origin+0x50/0x90 [ 554.628000][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.632600][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.638499][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.643357][T14109] do_syscall_64+0xb0/0x150 [ 554.647869][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.653766][T14109] [ 554.656090][T14109] Uninit was stored to memory at: [ 554.661127][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.666853][T14109] __msan_chain_origin+0x50/0x90 [ 554.671797][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.676383][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.681336][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.686438][T14109] do_syscall_64+0xb0/0x150 [ 554.690940][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.696812][T14109] [ 554.699121][T14109] Uninit was stored to memory at: [ 554.704136][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.709839][T14109] __msan_chain_origin+0x50/0x90 [ 554.714766][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.719346][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.724275][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.729129][T14109] do_syscall_64+0xb0/0x150 [ 554.733627][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.739514][T14109] [ 554.741834][T14109] Uninit was stored to memory at: [ 554.746854][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.752564][T14109] __msan_chain_origin+0x50/0x90 [ 554.757493][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.762086][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.767010][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.771935][T14109] do_syscall_64+0xb0/0x150 [ 554.776425][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.782382][T14109] [ 554.784693][T14109] Uninit was stored to memory at: [ 554.789704][T14109] kmsan_internal_chain_origin+0xad/0x130 [ 554.795412][T14109] __msan_chain_origin+0x50/0x90 [ 554.800340][T14109] do_recvmmsg+0x105a/0x1ee0 [ 554.804915][T14109] __se_sys_recvmmsg+0x1d1/0x350 [ 554.810205][T14109] __x64_sys_recvmmsg+0x62/0x80 [ 554.815047][T14109] do_syscall_64+0xb0/0x150 [ 554.819540][T14109] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 554.825410][T14109] [ 554.827722][T14109] Local variable ----msg_sys@do_recvmmsg created at: [ 554.834555][T14109] do_recvmmsg+0xc5/0x1ee0 [ 554.838959][T14109] do_recvmmsg+0xc5/0x1ee0 05:28:17 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:17 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r2, 0x0) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)) 05:28:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:17 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:17 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet6_tcp_buf(r4, 0x6, 0x21, &(0x7f00000002c0)=""/211, &(0x7f0000000040)=0xd3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) setsockopt$inet6_MCAST_LEAVE_GROUP(r9, 0x29, 0x2d, &(0x7f00000003c0)={0x7fffffff, {{0xa, 0x4e20, 0xffffff00, @empty, 0x8bc}}}, 0x88) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @local}]}, 0x2c}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) ioctl$BLKTRACESTOP(r11, 0x1275, 0x0) [ 555.513900][T14147] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 555.528976][T14138] debugfs: Directory '14138-4' with parent 'kvm' already present! [ 555.598105][T14154] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:18 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:18 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000680)=ANY=[@ANYBLOB="23ff202e4f66696c65300a7842e4e873960a060c57a834855299645b2bc0816bb1fcc6cd4772e55f6bb517f4a7da77941f01785f9378c939cf1c5eb369082b44f5a6178e15ecd43e6ffed6589add714612236172e4bfd4376166e9ca8b4dbf779ac0b4fb34a7fbdcdd178e9534af72e2da9a7021f1d24d736cb26badc0996f7f4508f6b59deaabeade72"], 0xb) r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r5, &(0x7f0000002300)=ANY=[@ANYBLOB='#! ./file0\r'], 0xb) close(r5) ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000240)) close(r4) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) r7 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000640)="f16101000000000100c1", 0xa, 0xfffffffffffffffe) r8 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r7, r8, r7}, &(0x7f0000000580)=""/83, 0x53, 0x0) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000080)={r7, 0x65, 0xb5}, &(0x7f0000000480)=ANY=[@ANYBLOB="656e633d6f61657020686173683d626c616b6532732d3232342d783836000000000000000000000000001c0000006e08000000000000000000000000000000000000000000000000000000000000c4e8d217a289f932d25bcbfeedd69511349e101467820402d96f2bb331233f13b6e9e6d19d6609ad8b6689af72d0930f2e5c4539b2c47c5f4074c6edfc2cc8d5544b726c98d479848e15a8892f43b06cb08b96620bb1d535bc271194da148b72f110155fec437471ceeac1af1ced197c6490ab812f42f29592cdc3981fbec8d7667e410eaa"], &(0x7f00000002c0)="f86720c01c9e20d5f846b4a1d18386d3482b767a67b46665525fae30e598186f6ddc24b372267ae4034d30aa0f7c0b204c7681120a7b5c67636da3ea51eb31abab25a2550761aab9012ed8f1f6f718fa12565fdd3a9399e76ee929ee741e612e95ce0d7630", &(0x7f0000000340)=""/181) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r6}, [@IFA_ADDRESS={0x14, 0x1, @ipv4={[], [], @rand_addr=0x64010100}}]}, 0xffffffffffffffdb}}, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x200400, 0x0) 05:28:18 executing program 5: [ 555.984078][T14137] not chained 700000 origins [ 555.988726][T14137] CPU: 1 PID: 14137 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 555.997554][T14137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.007656][T14137] Call Trace: [ 556.010995][T14137] dump_stack+0x1df/0x240 [ 556.015435][T14137] kmsan_internal_chain_origin+0x6f/0x130 [ 556.021177][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 556.027211][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 556.032430][T14137] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 556.038264][T14137] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 556.044349][T14137] ? __perf_event_task_sched_in+0xa15/0xa80 [ 556.050256][T14137] ? kmsan_set_origin_checked+0x95/0xf0 [ 556.055826][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 556.061041][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 556.066259][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 556.071551][T14137] ? kmsan_set_origin_checked+0x95/0xf0 [ 556.077363][T14137] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 556.083667][T14137] ? _copy_from_user+0x15b/0x260 [ 556.088628][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 556.093851][T14137] __msan_chain_origin+0x50/0x90 [ 556.098809][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.104922][T14137] ? __msan_poison_alloca+0xf0/0x120 [ 556.110229][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 556.115269][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 556.120298][T14137] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 556.126201][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.131159][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.136013][T14137] do_syscall_64+0xb0/0x150 [ 556.140514][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.147017][T14137] RIP: 0033:0x45c1d9 [ 556.150905][T14137] Code: Bad RIP value. [ 556.154989][T14137] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 556.163394][T14137] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 556.171355][T14137] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 556.179316][T14137] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 556.187758][T14137] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 556.195724][T14137] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 556.203694][T14137] Uninit was stored to memory at: [ 556.208712][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.214427][T14137] __msan_chain_origin+0x50/0x90 [ 556.219352][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.223930][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.228875][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.233719][T14137] do_syscall_64+0xb0/0x150 [ 556.238221][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.244112][T14137] [ 556.246425][T14137] Uninit was stored to memory at: [ 556.251438][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.257144][T14137] __msan_chain_origin+0x50/0x90 [ 556.262067][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.266642][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.271570][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.276411][T14137] do_syscall_64+0xb0/0x150 [ 556.280901][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.286779][T14137] [ 556.289105][T14137] Uninit was stored to memory at: [ 556.294320][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.300032][T14137] __msan_chain_origin+0x50/0x90 [ 556.304962][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.309538][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.314462][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.319299][T14137] do_syscall_64+0xb0/0x150 [ 556.323794][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.329662][T14137] [ 556.332058][T14137] Uninit was stored to memory at: [ 556.337154][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.342943][T14137] __msan_chain_origin+0x50/0x90 [ 556.347864][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.352534][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.357543][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.362377][T14137] do_syscall_64+0xb0/0x150 [ 556.366865][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.372728][T14137] [ 556.375036][T14137] Uninit was stored to memory at: [ 556.380045][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.385745][T14137] __msan_chain_origin+0x50/0x90 [ 556.390753][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.396121][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.401042][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.405887][T14137] do_syscall_64+0xb0/0x150 [ 556.410373][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.416241][T14137] [ 556.418555][T14137] Uninit was stored to memory at: [ 556.423564][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.429268][T14137] __msan_chain_origin+0x50/0x90 [ 556.434187][T14137] do_recvmmsg+0x105a/0x1ee0 [ 556.438758][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.443679][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.448600][T14137] do_syscall_64+0xb0/0x150 [ 556.453176][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.459053][T14137] [ 556.461369][T14137] Uninit was stored to memory at: [ 556.466462][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 556.472347][T14137] __msan_chain_origin+0x50/0x90 [ 556.477269][T14137] do_recvmmsg+0x105a/0x1ee0 05:28:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 556.481875][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 556.486794][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 556.491629][T14137] do_syscall_64+0xb0/0x150 [ 556.496125][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 556.501993][T14137] [ 556.504304][T14137] Local variable ----msg_sys@do_recvmmsg created at: [ 556.511322][T14137] do_recvmmsg+0xc5/0x1ee0 [ 556.515723][T14137] do_recvmmsg+0xc5/0x1ee0 05:28:18 executing program 5: [ 557.436064][T14162] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 557.464379][T14162] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 558.004887][T14137] not chained 710000 origins [ 558.009615][T14137] CPU: 1 PID: 14137 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 558.018320][T14137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.028384][T14137] Call Trace: [ 558.031696][T14137] dump_stack+0x1df/0x240 [ 558.036039][T14137] kmsan_internal_chain_origin+0x6f/0x130 [ 558.041769][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.046891][T14137] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 558.052791][T14137] ? __msan_poison_alloca+0xf0/0x120 [ 558.058085][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 558.063436][T14137] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 558.069252][T14137] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 558.075325][T14137] ? kfree+0x61/0x30f0 [ 558.079413][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.084532][T14137] ? kmsan_set_origin_checked+0x95/0xf0 [ 558.090085][T14137] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 558.096164][T14137] ? _copy_from_user+0x15b/0x260 [ 558.101108][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.106314][T14137] __msan_chain_origin+0x50/0x90 [ 558.111264][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.115903][T14137] ? __msan_poison_alloca+0xf0/0x120 [ 558.121199][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 558.126227][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 558.131390][T14137] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 558.137297][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.142341][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.147199][T14137] do_syscall_64+0xb0/0x150 [ 558.151713][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.157602][T14137] RIP: 0033:0x45c1d9 [ 558.161489][T14137] Code: Bad RIP value. [ 558.165634][T14137] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 558.174094][T14137] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 558.182067][T14137] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 558.190301][T14137] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 558.198966][T14137] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 558.206962][T14137] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 558.214950][T14137] Uninit was stored to memory at: [ 558.220160][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.225888][T14137] __msan_chain_origin+0x50/0x90 [ 558.230857][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.235448][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.240388][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.245246][T14137] do_syscall_64+0xb0/0x150 [ 558.249932][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.255814][T14137] [ 558.258136][T14137] Uninit was stored to memory at: [ 558.263168][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.269005][T14137] __msan_chain_origin+0x50/0x90 [ 558.273970][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.278567][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.284388][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.289254][T14137] do_syscall_64+0xb0/0x150 [ 558.293767][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.299658][T14137] [ 558.301982][T14137] Uninit was stored to memory at: [ 558.307101][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.313464][T14137] __msan_chain_origin+0x50/0x90 [ 558.318509][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.323291][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.328244][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.333189][T14137] do_syscall_64+0xb0/0x150 [ 558.337705][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.343686][T14137] [ 558.346067][T14137] Uninit was stored to memory at: [ 558.351184][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.357311][T14137] __msan_chain_origin+0x50/0x90 [ 558.362266][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.366976][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.371941][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.376886][T14137] do_syscall_64+0xb0/0x150 [ 558.381400][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.387286][T14137] [ 558.389695][T14137] Uninit was stored to memory at: [ 558.394728][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.400563][T14137] __msan_chain_origin+0x50/0x90 [ 558.405607][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.410199][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.415253][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.420108][T14137] do_syscall_64+0xb0/0x150 [ 558.424614][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.430502][T14137] [ 558.432917][T14137] Uninit was stored to memory at: [ 558.438394][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.444128][T14137] __msan_chain_origin+0x50/0x90 [ 558.449078][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.453676][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.458623][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.464131][T14137] do_syscall_64+0xb0/0x150 [ 558.468863][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.476844][T14137] [ 558.479174][T14137] Uninit was stored to memory at: [ 558.484321][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 558.490051][T14137] __msan_chain_origin+0x50/0x90 [ 558.495001][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.499604][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 558.504555][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 558.509595][T14137] do_syscall_64+0xb0/0x150 [ 558.514093][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 558.520048][T14137] [ 558.522367][T14137] Local variable ----msg_sys@do_recvmmsg created at: [ 558.529277][T14137] do_recvmmsg+0xc5/0x1ee0 [ 558.533766][T14137] do_recvmmsg+0xc5/0x1ee0 [ 558.865660][T14137] not chained 720000 origins [ 558.870294][T14137] CPU: 1 PID: 14137 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 558.879069][T14137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.889205][T14137] Call Trace: [ 558.892502][T14137] dump_stack+0x1df/0x240 [ 558.896839][T14137] kmsan_internal_chain_origin+0x6f/0x130 [ 558.903778][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.908897][T14137] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 558.914793][T14137] ? __msan_poison_alloca+0xf0/0x120 [ 558.920100][T14137] ? kmsan_get_metadata+0x11d/0x180 [ 558.925302][T14137] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 558.931111][T14137] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 558.937364][T14137] ? kfree+0x61/0x30f0 [ 558.941530][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.946676][T14137] ? kmsan_set_origin_checked+0x95/0xf0 [ 558.952224][T14137] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 558.959684][T14137] ? _copy_from_user+0x15b/0x260 [ 558.964632][T14137] ? kmsan_get_metadata+0x4f/0x180 [ 558.969839][T14137] __msan_chain_origin+0x50/0x90 [ 558.974777][T14137] do_recvmmsg+0x105a/0x1ee0 [ 558.979404][T14137] ? __msan_poison_alloca+0xf0/0x120 [ 558.984692][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 558.989816][T14137] ? __se_sys_recvmmsg+0xac/0x350 [ 558.994840][T14137] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 559.000740][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.005688][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.010541][T14137] do_syscall_64+0xb0/0x150 [ 559.015048][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.020934][T14137] RIP: 0033:0x45c1d9 [ 559.024848][T14137] Code: Bad RIP value. [ 559.028991][T14137] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 559.037398][T14137] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 559.045363][T14137] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 559.053349][T14137] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 559.061313][T14137] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 559.069493][T14137] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 559.077479][T14137] Uninit was stored to memory at: [ 559.082603][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.090799][T14137] __msan_chain_origin+0x50/0x90 [ 559.095746][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.100339][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.105276][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.110126][T14137] do_syscall_64+0xb0/0x150 [ 559.114713][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.120590][T14137] [ 559.122909][T14137] Uninit was stored to memory at: [ 559.127928][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.133644][T14137] __msan_chain_origin+0x50/0x90 [ 559.138583][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.143183][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.148202][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.153087][T14137] do_syscall_64+0xb0/0x150 [ 559.157594][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.163500][T14137] [ 559.165820][T14137] Uninit was stored to memory at: [ 559.170841][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.176557][T14137] __msan_chain_origin+0x50/0x90 [ 559.181492][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.186078][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.191015][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.195862][T14137] do_syscall_64+0xb0/0x150 [ 559.200387][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.206263][T14137] [ 559.208581][T14137] Uninit was stored to memory at: [ 559.213609][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.219858][T14137] __msan_chain_origin+0x50/0x90 [ 559.224794][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.229394][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.234675][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.239523][T14137] do_syscall_64+0xb0/0x150 [ 559.244032][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.249909][T14137] [ 559.252226][T14137] Uninit was stored to memory at: [ 559.257336][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.263050][T14137] __msan_chain_origin+0x50/0x90 [ 559.268047][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.272638][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.277573][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.282424][T14137] do_syscall_64+0xb0/0x150 [ 559.286929][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.292895][T14137] [ 559.295212][T14137] Uninit was stored to memory at: [ 559.300233][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.305948][T14137] __msan_chain_origin+0x50/0x90 [ 559.310969][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.315559][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.320495][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.325344][T14137] do_syscall_64+0xb0/0x150 [ 559.329846][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.335724][T14137] [ 559.338048][T14137] Uninit was stored to memory at: [ 559.343074][T14137] kmsan_internal_chain_origin+0xad/0x130 [ 559.348792][T14137] __msan_chain_origin+0x50/0x90 [ 559.353735][T14137] do_recvmmsg+0x105a/0x1ee0 [ 559.358335][T14137] __se_sys_recvmmsg+0x1d1/0x350 [ 559.363275][T14137] __x64_sys_recvmmsg+0x62/0x80 [ 559.368129][T14137] do_syscall_64+0xb0/0x150 [ 559.372636][T14137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 559.378532][T14137] [ 559.380854][T14137] Local variable ----msg_sys@do_recvmmsg created at: [ 559.387562][T14137] do_recvmmsg+0xc5/0x1ee0 [ 559.391981][T14137] do_recvmmsg+0xc5/0x1ee0 05:28:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:21 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r5}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r6, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r6) getsockopt$IPT_SO_GET_ENTRIES(r6, 0x0, 0x41, &(0x7f0000000040)={'filter\x00', 0x13, "307ec243dfe4306178463f634a154b554c6315"}, &(0x7f0000000080)=0x37) 05:28:21 executing program 5: 05:28:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 559.687709][T14185] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 559.768293][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:22 executing program 5: 05:28:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 559.956881][T14190] not chained 730000 origins [ 559.961615][T14190] CPU: 0 PID: 14190 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 559.970514][T14190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.980579][T14190] Call Trace: [ 559.983895][T14190] dump_stack+0x1df/0x240 [ 559.988241][T14190] kmsan_internal_chain_origin+0x6f/0x130 [ 559.993968][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 559.999076][T14190] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 560.004990][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 560.010536][T14190] ? kmsan_get_metadata+0x11d/0x180 [ 560.015731][T14190] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 560.021528][T14190] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 560.027585][T14190] ? kfree+0x61/0x30f0 [ 560.031649][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 560.036933][T14190] ? kmsan_set_origin_checked+0x95/0xf0 [ 560.042490][T14190] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 560.048550][T14190] ? _copy_from_user+0x15b/0x260 [ 560.053479][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 560.058698][T14190] __msan_chain_origin+0x50/0x90 [ 560.063633][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.068274][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 560.073551][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 560.078565][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 560.084074][T14190] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 560.090007][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.094961][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.099841][T14190] do_syscall_64+0xb0/0x150 [ 560.104351][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.110254][T14190] RIP: 0033:0x45c1d9 [ 560.114143][T14190] Code: Bad RIP value. [ 560.118194][T14190] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 560.126696][T14190] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 560.134670][T14190] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 560.142630][T14190] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 560.150683][T14190] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 560.158642][T14190] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 560.166611][T14190] Uninit was stored to memory at: [ 560.171628][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.177352][T14190] __msan_chain_origin+0x50/0x90 [ 560.182277][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.186871][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.191797][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.196796][T14190] do_syscall_64+0xb0/0x150 [ 560.201763][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.207638][T14190] [ 560.209952][T14190] Uninit was stored to memory at: [ 560.214965][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.221278][T14190] __msan_chain_origin+0x50/0x90 [ 560.226201][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.230778][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.235703][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.240541][T14190] do_syscall_64+0xb0/0x150 [ 560.245032][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.250987][T14190] [ 560.253296][T14190] Uninit was stored to memory at: [ 560.258400][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.264124][T14190] __msan_chain_origin+0x50/0x90 [ 560.269047][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.273623][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.278547][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.283401][T14190] do_syscall_64+0xb0/0x150 [ 560.287979][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.293857][T14190] [ 560.296168][T14190] Uninit was stored to memory at: [ 560.301179][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.307923][T14190] __msan_chain_origin+0x50/0x90 [ 560.312848][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.317515][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.322525][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.327416][T14190] do_syscall_64+0xb0/0x150 [ 560.332012][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.337883][T14190] [ 560.340192][T14190] Uninit was stored to memory at: [ 560.345204][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.350909][T14190] __msan_chain_origin+0x50/0x90 [ 560.355833][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.360408][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.365337][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.370172][T14190] do_syscall_64+0xb0/0x150 [ 560.374681][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.380548][T14190] [ 560.382857][T14190] Uninit was stored to memory at: [ 560.387868][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.393578][T14190] __msan_chain_origin+0x50/0x90 [ 560.398590][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.403171][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.408097][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 560.412978][T14190] do_syscall_64+0xb0/0x150 [ 560.417497][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.423373][T14190] [ 560.425686][T14190] Uninit was stored to memory at: [ 560.430707][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 560.436412][T14190] __msan_chain_origin+0x50/0x90 [ 560.441449][T14190] do_recvmmsg+0x105a/0x1ee0 [ 560.446027][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 560.450985][T14190] __x64_sys_recvmmsg+0x62/0x80 05:28:22 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000080)={0x9d0000, 0xfffffffc, 0x6, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x990a94, 0x1, [], @value64=0x20}}) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev, 0x1}, {0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, r4}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @mcast2}, {0x2, 0x0, 0xac141424, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r4}}, 0x48) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000300)={0x5, 0x10, 0xfa00, {&(0x7f0000000100), r4}}, 0x18) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000180)={0xb, 0x10, 0xfa00, {&(0x7f00000002c0), r4, 0x10000}}, 0x18) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000380)={0x2, 0x7f}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) write$binfmt_script(0xffffffffffffffff, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(0xffffffffffffffff) r8 = openat2(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)={0x40, 0x100, 0x3}, 0x18) getsockopt$CAN_RAW_FD_FRAMES(r8, 0x65, 0x5, &(0x7f00000004c0), &(0x7f0000000500)=0x4) getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) [ 560.455861][T14190] do_syscall_64+0xb0/0x150 [ 560.460359][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.466259][T14190] [ 560.468603][T14190] Local variable ----msg_sys@do_recvmmsg created at: [ 560.475278][T14190] do_recvmmsg+0xc5/0x1ee0 [ 560.479684][T14190] do_recvmmsg+0xc5/0x1ee0 05:28:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:22 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000015000100000000008db010e63e59996c", @ANYRES32=r5, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x0) 05:28:23 executing program 5: [ 560.923971][T14205] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 560.999544][T14205] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 562.480495][T14190] not chained 740000 origins [ 562.485140][T14190] CPU: 1 PID: 14190 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 562.493816][T14190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.503904][T14190] Call Trace: [ 562.507211][T14190] dump_stack+0x1df/0x240 [ 562.511561][T14190] kmsan_internal_chain_origin+0x6f/0x130 [ 562.517296][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 562.522419][T14190] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 562.528330][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 562.533638][T14190] ? kmsan_get_metadata+0x11d/0x180 [ 562.538848][T14190] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 562.544665][T14190] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 562.550740][T14190] ? kfree+0x61/0x30f0 [ 562.554826][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 562.559949][T14190] ? kmsan_set_origin_checked+0x95/0xf0 [ 562.565513][T14190] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 562.571597][T14190] ? _copy_from_user+0x15b/0x260 [ 562.576546][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 562.581667][T14190] __msan_chain_origin+0x50/0x90 [ 562.586620][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.591339][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 562.596642][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 562.601681][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 562.606716][T14190] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 562.612986][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.617942][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.622804][T14190] do_syscall_64+0xb0/0x150 [ 562.627325][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.633217][T14190] RIP: 0033:0x45c1d9 [ 562.637105][T14190] Code: Bad RIP value. [ 562.641170][T14190] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 562.649589][T14190] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 562.657575][T14190] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 562.665562][T14190] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 562.674929][T14190] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 562.682908][T14190] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 562.690897][T14190] Uninit was stored to memory at: [ 562.696026][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.701753][T14190] __msan_chain_origin+0x50/0x90 [ 562.706786][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.711370][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.716296][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.721133][T14190] do_syscall_64+0xb0/0x150 [ 562.725627][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.731496][T14190] [ 562.733808][T14190] Uninit was stored to memory at: [ 562.738822][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.744554][T14190] __msan_chain_origin+0x50/0x90 [ 562.749477][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.754054][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.758980][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.763821][T14190] do_syscall_64+0xb0/0x150 [ 562.768317][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.774186][T14190] [ 562.776493][T14190] Uninit was stored to memory at: [ 562.781503][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.787211][T14190] __msan_chain_origin+0x50/0x90 [ 562.792138][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.796714][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.801637][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.806508][T14190] do_syscall_64+0xb0/0x150 [ 562.810999][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.816869][T14190] [ 562.819177][T14190] Uninit was stored to memory at: [ 562.824186][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.829889][T14190] __msan_chain_origin+0x50/0x90 [ 562.834815][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.839401][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.844334][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.849190][T14190] do_syscall_64+0xb0/0x150 [ 562.853867][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.859851][T14190] [ 562.862261][T14190] Uninit was stored to memory at: [ 562.867303][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.873024][T14190] __msan_chain_origin+0x50/0x90 [ 562.877956][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.882563][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.887486][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.892699][T14190] do_syscall_64+0xb0/0x150 [ 562.897211][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.903086][T14190] [ 562.905836][T14190] Uninit was stored to memory at: [ 562.910858][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.916603][T14190] __msan_chain_origin+0x50/0x90 [ 562.921636][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.926432][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.931379][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.936248][T14190] do_syscall_64+0xb0/0x150 [ 562.940740][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.947046][T14190] [ 562.949363][T14190] Uninit was stored to memory at: [ 562.954403][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 562.960207][T14190] __msan_chain_origin+0x50/0x90 [ 562.965256][T14190] do_recvmmsg+0x105a/0x1ee0 [ 562.969877][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 562.974814][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 562.979683][T14190] do_syscall_64+0xb0/0x150 [ 562.984179][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 562.990165][T14190] [ 562.992489][T14190] Local variable ----msg_sys@do_recvmmsg created at: [ 562.999253][T14190] do_recvmmsg+0xc5/0x1ee0 [ 563.004093][T14190] do_recvmmsg+0xc5/0x1ee0 [ 563.302212][T14190] not chained 750000 origins [ 563.306934][T14190] CPU: 1 PID: 14190 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 563.315949][T14190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.326010][T14190] Call Trace: [ 563.329308][T14190] dump_stack+0x1df/0x240 [ 563.333648][T14190] kmsan_internal_chain_origin+0x6f/0x130 [ 563.339369][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 563.344483][T14190] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 563.350380][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 563.355671][T14190] ? kmsan_get_metadata+0x11d/0x180 [ 563.360894][T14190] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 563.366717][T14190] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 563.372916][T14190] ? kfree+0x61/0x30f0 [ 563.376993][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 563.382463][T14190] ? kmsan_set_origin_checked+0x95/0xf0 [ 563.388011][T14190] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 563.394088][T14190] ? _copy_from_user+0x15b/0x260 [ 563.399154][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 563.404277][T14190] __msan_chain_origin+0x50/0x90 [ 563.409223][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.413848][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 563.419134][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 563.424174][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 563.429206][T14190] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 563.435108][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.440087][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.444946][T14190] do_syscall_64+0xb0/0x150 [ 563.449579][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.455556][T14190] RIP: 0033:0x45c1d9 [ 563.459439][T14190] Code: Bad RIP value. [ 563.463498][T14190] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 563.471908][T14190] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 563.479877][T14190] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 563.488973][T14190] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 563.496953][T14190] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 563.504928][T14190] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 563.513188][T14190] Uninit was stored to memory at: [ 563.518244][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.523965][T14190] __msan_chain_origin+0x50/0x90 [ 563.529515][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.534107][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.539040][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.544032][T14190] do_syscall_64+0xb0/0x150 [ 563.548566][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.554537][T14190] [ 563.556864][T14190] Uninit was stored to memory at: [ 563.561893][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.567794][T14190] __msan_chain_origin+0x50/0x90 [ 563.572750][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.577348][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.582289][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.587151][T14190] do_syscall_64+0xb0/0x150 [ 563.591657][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.597693][T14190] [ 563.600014][T14190] Uninit was stored to memory at: [ 563.605137][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.610867][T14190] __msan_chain_origin+0x50/0x90 [ 563.615803][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.620393][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.625331][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.630189][T14190] do_syscall_64+0xb0/0x150 [ 563.634708][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.640585][T14190] [ 563.642908][T14190] Uninit was stored to memory at: [ 563.647951][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.653669][T14190] __msan_chain_origin+0x50/0x90 [ 563.658690][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.663287][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.668228][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.673079][T14190] do_syscall_64+0xb0/0x150 [ 563.677589][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.683466][T14190] [ 563.685783][T14190] Uninit was stored to memory at: [ 563.690809][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.696538][T14190] __msan_chain_origin+0x50/0x90 [ 563.701586][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.706174][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.711111][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.715961][T14190] do_syscall_64+0xb0/0x150 [ 563.720590][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.726477][T14190] [ 563.728801][T14190] Uninit was stored to memory at: [ 563.733832][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.739549][T14190] __msan_chain_origin+0x50/0x90 [ 563.744493][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.749083][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.754023][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.758968][T14190] do_syscall_64+0xb0/0x150 [ 563.763572][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.769457][T14190] [ 563.771948][T14190] Uninit was stored to memory at: [ 563.776976][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 563.782695][T14190] __msan_chain_origin+0x50/0x90 [ 563.787720][T14190] do_recvmmsg+0x105a/0x1ee0 [ 563.792309][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 563.797247][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 563.802099][T14190] do_syscall_64+0xb0/0x150 [ 563.806618][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 563.812498][T14190] [ 563.814822][T14190] Local variable ----msg_sys@do_recvmmsg created at: [ 563.821492][T14190] do_recvmmsg+0xc5/0x1ee0 [ 563.825906][T14190] do_recvmmsg+0xc5/0x1ee0 [ 563.971045][T14190] not chained 760000 origins [ 563.975677][T14190] CPU: 1 PID: 14190 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 563.984439][T14190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.994499][T14190] Call Trace: [ 563.997799][T14190] dump_stack+0x1df/0x240 [ 564.002139][T14190] kmsan_internal_chain_origin+0x6f/0x130 [ 564.007863][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 564.012980][T14190] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 564.018966][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 564.024252][T14190] ? kmsan_get_metadata+0x11d/0x180 [ 564.029456][T14190] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 564.035270][T14190] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 564.041358][T14190] ? kfree+0x61/0x30f0 [ 564.045445][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 564.050650][T14190] ? kmsan_set_origin_checked+0x95/0xf0 [ 564.056213][T14190] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 564.062297][T14190] ? _copy_from_user+0x15b/0x260 [ 564.067244][T14190] ? kmsan_get_metadata+0x4f/0x180 [ 564.072361][T14190] __msan_chain_origin+0x50/0x90 [ 564.077307][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.082030][T14190] ? __msan_poison_alloca+0xf0/0x120 [ 564.087349][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 564.092460][T14190] ? __se_sys_recvmmsg+0xac/0x350 [ 564.097485][T14190] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 564.103383][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.108335][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.113200][T14190] do_syscall_64+0xb0/0x150 [ 564.117727][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.123621][T14190] RIP: 0033:0x45c1d9 [ 564.127513][T14190] Code: Bad RIP value. [ 564.131580][T14190] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 564.139991][T14190] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 564.147966][T14190] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 564.155940][T14190] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 564.163914][T14190] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 564.172149][T14190] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 564.180335][T14190] Uninit was stored to memory at: [ 564.185367][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.191101][T14190] __msan_chain_origin+0x50/0x90 [ 564.196050][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.200642][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.205595][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.210454][T14190] do_syscall_64+0xb0/0x150 [ 564.214965][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.221016][T14190] [ 564.223338][T14190] Uninit was stored to memory at: [ 564.228367][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.234336][T14190] __msan_chain_origin+0x50/0x90 [ 564.239275][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.243868][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.248803][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.253658][T14190] do_syscall_64+0xb0/0x150 [ 564.258161][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.264042][T14190] [ 564.266365][T14190] Uninit was stored to memory at: [ 564.271397][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.277126][T14190] __msan_chain_origin+0x50/0x90 [ 564.282066][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.286743][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.291765][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.296617][T14190] do_syscall_64+0xb0/0x150 [ 564.301296][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.307182][T14190] [ 564.309504][T14190] Uninit was stored to memory at: [ 564.314547][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.320355][T14190] __msan_chain_origin+0x50/0x90 [ 564.325743][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.330337][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.335274][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.340124][T14190] do_syscall_64+0xb0/0x150 [ 564.344630][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.350506][T14190] [ 564.352826][T14190] Uninit was stored to memory at: [ 564.358377][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.364183][T14190] __msan_chain_origin+0x50/0x90 [ 564.369380][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.373970][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.378914][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.383763][T14190] do_syscall_64+0xb0/0x150 [ 564.388275][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.394153][T14190] [ 564.396474][T14190] Uninit was stored to memory at: [ 564.401583][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.407302][T14190] __msan_chain_origin+0x50/0x90 [ 564.412240][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.416924][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.421858][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.426804][T14190] do_syscall_64+0xb0/0x150 [ 564.431319][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.437202][T14190] [ 564.439525][T14190] Uninit was stored to memory at: [ 564.444561][T14190] kmsan_internal_chain_origin+0xad/0x130 [ 564.450280][T14190] __msan_chain_origin+0x50/0x90 [ 564.455264][T14190] do_recvmmsg+0x105a/0x1ee0 [ 564.459852][T14190] __se_sys_recvmmsg+0x1d1/0x350 [ 564.464798][T14190] __x64_sys_recvmmsg+0x62/0x80 [ 564.469658][T14190] do_syscall_64+0xb0/0x150 [ 564.474166][T14190] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 564.480047][T14190] [ 564.482371][T14190] Local variable ----msg_sys@do_recvmmsg created at: [ 564.489245][T14190] do_recvmmsg+0xc5/0x1ee0 [ 564.493677][T14190] do_recvmmsg+0xc5/0x1ee0 05:28:26 executing program 5: 05:28:26 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:26 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f00000002c0)={{0x2, 0x4e23, @remote}, {0x1, @broadcast}, 0x3c, {0x2, 0x4e21, @empty}, 'bridge0\x00'}) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r2, &(0x7f0000002300)=ANY=[@ANYBLOB="2323a9340666010065300a"], 0xb) close(r2) ioctl$TIOCGRS485(r2, 0x542e, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/hwrng\x00', 0x8e800, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) sendmsg$DCCPDIAG_GETSOCK(r5, &(0x7f0000000900)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000008c0)={&(0x7f0000000740)={0x17c, 0x13, 0x200, 0x70bd25, 0x25dfdbff, {0x22, 0x0, 0xce, 0x9, {0x4e24, 0x4e23, [0x3, 0x6, 0xfffffff7, 0x18], [0x418, 0x81, 0x600000, 0x1ff], r9, [0x1, 0x401]}, 0x1, 0x8}, [@INET_DIAG_REQ_BYTECODE={0x7b, 0x1, "e2087ee2b1516a2c31599a083bdc47cc5c14241ae02ccd6cdae4d994fa16279ac2140919712757352118a674e4d9b850c6e5196bab56c8b3ab8d9ed07622df6c75e7e17f1e0d00944651a2cadb630226cc09a58eda70fe22ec64e5eac206f540630273dcd1b24ebe98894ab32c65ace33bbae48d6d674d"}, @INET_DIAG_REQ_BYTECODE={0xb2, 0x1, "6e0ef10f2ed1a3222ba9d4a76102dc25ecc3e1a4b472fb92976542eb8e2121e0403901d9482b968fc4b36754fa230f7ff2b492229484be726dea43a97a83d80f7c8ca6552ddd6df51df526b14ebb4f6590bcb71703023b9be53f6caaf189127fee6615666665ab6097438f87a9e411ce76f541acf968ebd5b119910c81ad1316de0b28d221b2bed81960c5fc5df3b43f5897ced47555b5a8acf8f00fae7e3bf97ce52ec3afab9927e11b7a17fa96"}]}, 0x17c}, 0x1, 0x0, 0x0, 0xc803}, 0x48050) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r10}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 564.700263][T14226] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 564.766314][T14226] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:27 executing program 5: 05:28:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:27 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r2, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r2) ioctl$SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f0000000240)=0x8) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1400200) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=r6, @ANYBLOB="14000100fc0200"/20], 0x2c}}, 0x1) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f00000002c0)=""/249) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcsa\x00', 0x20000, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r7, 0x5) r8 = accept4(r3, &(0x7f0000000040)=@xdp, &(0x7f0000000180)=0x80, 0x80000) accept4(r8, &(0x7f00000003c0)=@rc, &(0x7f00000001c0)=0x80, 0x80000) 05:28:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:27 executing program 5: 05:28:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 565.400114][T14246] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 565.456289][T14246] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 565.707826][T14233] not chained 770000 origins [ 565.712471][T14233] CPU: 1 PID: 14233 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 565.721402][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.731547][T14233] Call Trace: [ 565.734857][T14233] dump_stack+0x1df/0x240 [ 565.739627][T14233] kmsan_internal_chain_origin+0x6f/0x130 [ 565.745341][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 565.750440][T14233] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 565.756515][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 565.761791][T14233] ? kmsan_get_metadata+0x11d/0x180 [ 565.767082][T14233] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 565.772883][T14233] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 565.779024][T14233] ? kfree+0x61/0x30f0 [ 565.783208][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 565.788394][T14233] ? kmsan_set_origin_checked+0x95/0xf0 [ 565.793929][T14233] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 565.799990][T14233] ? _copy_from_user+0x15b/0x260 [ 565.804923][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 565.810021][T14233] __msan_chain_origin+0x50/0x90 [ 565.815124][T14233] do_recvmmsg+0x105a/0x1ee0 [ 565.823257][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 565.828560][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 565.833584][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 565.838608][T14233] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 565.844494][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 565.849428][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 565.854283][T14233] do_syscall_64+0xb0/0x150 [ 565.858815][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 565.864700][T14233] RIP: 0033:0x45c1d9 [ 565.868709][T14233] Code: Bad RIP value. [ 565.872774][T14233] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 565.881182][T14233] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 565.889149][T14233] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 565.897105][T14233] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 565.905064][T14233] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 565.913455][T14233] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 565.921507][T14233] Uninit was stored to memory at: [ 565.926525][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 565.932232][T14233] __msan_chain_origin+0x50/0x90 [ 565.937173][T14233] do_recvmmsg+0x105a/0x1ee0 [ 565.941751][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 565.946704][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 565.951571][T14233] do_syscall_64+0xb0/0x150 [ 565.956067][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 565.962026][T14233] [ 565.964339][T14233] Uninit was stored to memory at: [ 565.969799][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 565.975533][T14233] __msan_chain_origin+0x50/0x90 [ 565.980502][T14233] do_recvmmsg+0x105a/0x1ee0 [ 565.985086][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 565.990104][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 565.994947][T14233] do_syscall_64+0xb0/0x150 [ 565.999636][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.005524][T14233] [ 566.007852][T14233] Uninit was stored to memory at: [ 566.012865][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 566.018588][T14233] __msan_chain_origin+0x50/0x90 [ 566.023692][T14233] do_recvmmsg+0x105a/0x1ee0 [ 566.028268][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 566.033192][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 566.038032][T14233] do_syscall_64+0xb0/0x150 [ 566.042535][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.048405][T14233] [ 566.050715][T14233] Uninit was stored to memory at: [ 566.055816][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 566.061606][T14233] __msan_chain_origin+0x50/0x90 [ 566.066529][T14233] do_recvmmsg+0x105a/0x1ee0 [ 566.071106][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 566.076116][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 566.081067][T14233] do_syscall_64+0xb0/0x150 [ 566.085563][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.091432][T14233] [ 566.093739][T14233] Uninit was stored to memory at: [ 566.098777][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 566.104660][T14233] __msan_chain_origin+0x50/0x90 [ 566.109589][T14233] do_recvmmsg+0x105a/0x1ee0 [ 566.114166][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 566.119090][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 566.123927][T14233] do_syscall_64+0xb0/0x150 [ 566.128439][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.134312][T14233] [ 566.136628][T14233] Uninit was stored to memory at: [ 566.141644][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 566.147351][T14233] __msan_chain_origin+0x50/0x90 [ 566.152276][T14233] do_recvmmsg+0x105a/0x1ee0 [ 566.156857][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 566.161790][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 566.166625][T14233] do_syscall_64+0xb0/0x150 [ 566.171145][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.177031][T14233] [ 566.179339][T14233] Uninit was stored to memory at: [ 566.184350][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 566.190054][T14233] __msan_chain_origin+0x50/0x90 [ 566.194991][T14233] do_recvmmsg+0x105a/0x1ee0 [ 566.199565][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 566.204486][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 566.209329][T14233] do_syscall_64+0xb0/0x150 [ 566.213820][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.219718][T14233] [ 566.222036][T14233] Local variable ----msg_sys@do_recvmmsg created at: [ 566.228717][T14233] do_recvmmsg+0xc5/0x1ee0 [ 566.233117][T14233] do_recvmmsg+0xc5/0x1ee0 [ 567.357059][T14263] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 567.408747][T14263] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 567.656885][T14233] not chained 780000 origins [ 567.661527][T14233] CPU: 1 PID: 14233 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 567.670292][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.680353][T14233] Call Trace: [ 567.683655][T14233] dump_stack+0x1df/0x240 [ 567.688008][T14233] kmsan_internal_chain_origin+0x6f/0x130 [ 567.693745][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 567.698880][T14233] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 567.704787][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 567.710088][T14233] ? kmsan_get_metadata+0x11d/0x180 [ 567.715298][T14233] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 567.721116][T14233] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 567.727198][T14233] ? kfree+0x61/0x30f0 [ 567.731341][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 567.736460][T14233] ? kmsan_set_origin_checked+0x95/0xf0 [ 567.742015][T14233] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 567.748074][T14233] ? _copy_from_user+0x15b/0x260 [ 567.753434][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 567.758541][T14233] __msan_chain_origin+0x50/0x90 [ 567.763471][T14233] do_recvmmsg+0x105a/0x1ee0 [ 567.768100][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 567.773384][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 567.778405][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 567.783697][T14233] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 567.789583][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 567.794518][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 567.799445][T14233] do_syscall_64+0xb0/0x150 [ 567.803937][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.809916][T14233] RIP: 0033:0x45c1d9 [ 567.813793][T14233] Code: Bad RIP value. [ 567.817856][T14233] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 567.826248][T14233] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 567.834203][T14233] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 567.842160][T14233] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 567.850114][T14233] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 567.858083][T14233] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 567.866143][T14233] Uninit was stored to memory at: [ 567.871154][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 567.876859][T14233] __msan_chain_origin+0x50/0x90 [ 567.881796][T14233] do_recvmmsg+0x105a/0x1ee0 [ 567.886378][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 567.891392][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 567.896236][T14233] do_syscall_64+0xb0/0x150 [ 567.900741][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.906873][T14233] [ 567.909292][T14233] Uninit was stored to memory at: [ 567.914322][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 567.920038][T14233] __msan_chain_origin+0x50/0x90 [ 567.924960][T14233] do_recvmmsg+0x105a/0x1ee0 [ 567.929535][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 567.934456][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 567.939314][T14233] do_syscall_64+0xb0/0x150 [ 567.943815][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.949809][T14233] [ 567.952138][T14233] Uninit was stored to memory at: [ 567.957157][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 567.962890][T14233] __msan_chain_origin+0x50/0x90 [ 567.967823][T14233] do_recvmmsg+0x105a/0x1ee0 [ 567.972483][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 567.977406][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 567.982245][T14233] do_syscall_64+0xb0/0x150 [ 567.986753][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 567.992620][T14233] [ 567.994930][T14233] Uninit was stored to memory at: [ 567.999963][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 568.005757][T14233] __msan_chain_origin+0x50/0x90 [ 568.010717][T14233] do_recvmmsg+0x105a/0x1ee0 [ 568.015300][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 568.020223][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 568.025103][T14233] do_syscall_64+0xb0/0x150 [ 568.029590][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 568.035454][T14233] [ 568.037761][T14233] Uninit was stored to memory at: [ 568.042769][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 568.048471][T14233] __msan_chain_origin+0x50/0x90 [ 568.053487][T14233] do_recvmmsg+0x105a/0x1ee0 [ 568.058060][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 568.063011][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 568.067893][T14233] do_syscall_64+0xb0/0x150 [ 568.073089][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 568.078962][T14233] [ 568.081282][T14233] Uninit was stored to memory at: [ 568.086295][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 568.092018][T14233] __msan_chain_origin+0x50/0x90 [ 568.096950][T14233] do_recvmmsg+0x105a/0x1ee0 [ 568.101791][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 568.107215][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 568.112775][T14233] do_syscall_64+0xb0/0x150 [ 568.117272][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 568.123314][T14233] [ 568.125632][T14233] Uninit was stored to memory at: [ 568.130642][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 568.136342][T14233] __msan_chain_origin+0x50/0x90 [ 568.141274][T14233] do_recvmmsg+0x105a/0x1ee0 [ 568.145849][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 568.150770][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 568.155778][T14233] do_syscall_64+0xb0/0x150 [ 568.160264][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 568.166135][T14233] [ 568.169050][T14233] Local variable ----msg_sys@do_recvmmsg created at: [ 568.175723][T14233] do_recvmmsg+0xc5/0x1ee0 [ 568.180125][T14233] do_recvmmsg+0xc5/0x1ee0 [ 569.237608][T14233] not chained 790000 origins [ 569.242243][T14233] CPU: 1 PID: 14233 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 569.250911][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.260970][T14233] Call Trace: [ 569.264286][T14233] dump_stack+0x1df/0x240 [ 569.268911][T14233] kmsan_internal_chain_origin+0x6f/0x130 [ 569.274641][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 569.279760][T14233] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 569.285665][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 569.290961][T14233] ? kmsan_get_metadata+0x11d/0x180 [ 569.296178][T14233] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 569.302003][T14233] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 569.308342][T14233] ? kfree+0x61/0x30f0 [ 569.312425][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 569.318010][T14233] ? kmsan_set_origin_checked+0x95/0xf0 [ 569.323670][T14233] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 569.329751][T14233] ? _copy_from_user+0x15b/0x260 [ 569.334697][T14233] ? kmsan_get_metadata+0x4f/0x180 [ 569.339821][T14233] __msan_chain_origin+0x50/0x90 [ 569.344947][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.349583][T14233] ? __msan_poison_alloca+0xf0/0x120 [ 569.354913][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 569.359949][T14233] ? __se_sys_recvmmsg+0xac/0x350 [ 569.364997][T14233] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 569.371695][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.376657][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.381611][T14233] do_syscall_64+0xb0/0x150 [ 569.386395][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.392292][T14233] RIP: 0033:0x45c1d9 [ 569.396179][T14233] Code: Bad RIP value. [ 569.400246][T14233] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 569.408751][T14233] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 569.416735][T14233] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 569.424719][T14233] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 569.432790][T14233] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 569.440915][T14233] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 569.448911][T14233] Uninit was stored to memory at: [ 569.453965][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.459753][T14233] __msan_chain_origin+0x50/0x90 [ 569.464705][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.469312][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.474272][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.479225][T14233] do_syscall_64+0xb0/0x150 [ 569.483746][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.489634][T14233] [ 569.491972][T14233] Uninit was stored to memory at: [ 569.497028][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.502760][T14233] __msan_chain_origin+0x50/0x90 [ 569.507714][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.512320][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.517270][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.522223][T14233] do_syscall_64+0xb0/0x150 [ 569.526735][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.532619][T14233] [ 569.534946][T14233] Uninit was stored to memory at: [ 569.539987][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.545721][T14233] __msan_chain_origin+0x50/0x90 [ 569.550674][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.555327][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.560935][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.565801][T14233] do_syscall_64+0xb0/0x150 [ 569.570316][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.576212][T14233] [ 569.578542][T14233] Uninit was stored to memory at: [ 569.583578][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.589305][T14233] __msan_chain_origin+0x50/0x90 [ 569.594257][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.598856][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.603806][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.608678][T14233] do_syscall_64+0xb0/0x150 [ 569.613194][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.619172][T14233] [ 569.621499][T14233] Uninit was stored to memory at: [ 569.626530][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.632254][T14233] __msan_chain_origin+0x50/0x90 [ 569.637199][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.641797][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.646768][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.651629][T14233] do_syscall_64+0xb0/0x150 [ 569.656235][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.662116][T14233] [ 569.664439][T14233] Uninit was stored to memory at: [ 569.669486][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.675215][T14233] __msan_chain_origin+0x50/0x90 [ 569.680166][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.684862][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.689820][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.694679][T14233] do_syscall_64+0xb0/0x150 [ 569.699213][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.705101][T14233] [ 569.707437][T14233] Uninit was stored to memory at: [ 569.712473][T14233] kmsan_internal_chain_origin+0xad/0x130 [ 569.718248][T14233] __msan_chain_origin+0x50/0x90 [ 569.723196][T14233] do_recvmmsg+0x105a/0x1ee0 [ 569.727796][T14233] __se_sys_recvmmsg+0x1d1/0x350 [ 569.732846][T14233] __x64_sys_recvmmsg+0x62/0x80 [ 569.737709][T14233] do_syscall_64+0xb0/0x150 [ 569.742219][T14233] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 569.748103][T14233] [ 569.750430][T14233] Local variable ----msg_sys@do_recvmmsg created at: [ 569.757119][T14233] do_recvmmsg+0xc5/0x1ee0 [ 569.761544][T14233] do_recvmmsg+0xc5/0x1ee0 05:28:32 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:32 executing program 5: 05:28:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:32 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 570.258870][T14274] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 570.336209][T14274] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:32 executing program 5: 05:28:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:32 executing program 5: [ 570.800683][T14277] not chained 800000 origins [ 570.805409][T14277] CPU: 0 PID: 14277 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 570.814177][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 570.824247][T14277] Call Trace: [ 570.827553][T14277] dump_stack+0x1df/0x240 [ 570.831995][T14277] kmsan_internal_chain_origin+0x6f/0x130 [ 570.837728][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 570.842853][T14277] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 570.848767][T14277] ? __msan_poison_alloca+0xf0/0x120 [ 570.854174][T14277] ? kmsan_get_metadata+0x11d/0x180 [ 570.859458][T14277] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 570.865264][T14277] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 570.871320][T14277] ? kfree+0x61/0x30f0 [ 570.875384][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 570.880491][T14277] ? kmsan_set_origin_checked+0x95/0xf0 [ 570.886049][T14277] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 570.892108][T14277] ? _copy_from_user+0x15b/0x260 [ 570.897045][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 570.902163][T14277] __msan_chain_origin+0x50/0x90 [ 570.907122][T14277] do_recvmmsg+0x105a/0x1ee0 [ 570.911731][T14277] ? __msan_poison_alloca+0xf0/0x120 [ 570.917012][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 570.922046][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 570.927060][T14277] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 570.932946][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 570.937967][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 570.942832][T14277] do_syscall_64+0xb0/0x150 [ 570.947327][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 570.954226][T14277] RIP: 0033:0x45c1d9 [ 570.958123][T14277] Code: Bad RIP value. [ 570.962190][T14277] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 570.970601][T14277] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 570.978751][T14277] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 570.986794][T14277] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 570.994773][T14277] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 571.002740][T14277] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 571.011140][T14277] Uninit was stored to memory at: [ 571.016242][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.021949][T14277] __msan_chain_origin+0x50/0x90 [ 571.026875][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.031451][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.036374][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.041210][T14277] do_syscall_64+0xb0/0x150 [ 571.045791][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.052008][T14277] [ 571.054407][T14277] Uninit was stored to memory at: [ 571.059437][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.065152][T14277] __msan_chain_origin+0x50/0x90 [ 571.070081][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.074660][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.079585][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.084433][T14277] do_syscall_64+0xb0/0x150 [ 571.088942][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.094824][T14277] [ 571.097143][T14277] Uninit was stored to memory at: [ 571.102598][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.108305][T14277] __msan_chain_origin+0x50/0x90 [ 571.113253][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.117838][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.122776][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.127790][T14277] do_syscall_64+0xb0/0x150 [ 571.132298][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.138168][T14277] [ 571.140480][T14277] Uninit was stored to memory at: [ 571.145491][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.151194][T14277] __msan_chain_origin+0x50/0x90 [ 571.156135][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.160711][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.165642][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.170476][T14277] do_syscall_64+0xb0/0x150 [ 571.174974][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.180844][T14277] [ 571.183155][T14277] Uninit was stored to memory at: [ 571.188183][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.193894][T14277] __msan_chain_origin+0x50/0x90 [ 571.198819][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.203398][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.208320][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.213160][T14277] do_syscall_64+0xb0/0x150 [ 571.217666][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.223542][T14277] [ 571.225853][T14277] Uninit was stored to memory at: [ 571.230869][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.236580][T14277] __msan_chain_origin+0x50/0x90 [ 571.241507][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.246084][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.251027][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 571.255876][T14277] do_syscall_64+0xb0/0x150 [ 571.260377][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.266251][T14277] [ 571.268925][T14277] Uninit was stored to memory at: [ 571.273942][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 571.279648][T14277] __msan_chain_origin+0x50/0x90 [ 571.284661][T14277] do_recvmmsg+0x105a/0x1ee0 [ 571.289235][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 571.294159][T14277] __x64_sys_recvmmsg+0x62/0x80 05:28:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 571.299011][T14277] do_syscall_64+0xb0/0x150 [ 571.303500][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.309367][T14277] [ 571.311693][T14277] Local variable ----msg_sys@do_recvmmsg created at: [ 571.318489][T14277] do_recvmmsg+0xc5/0x1ee0 [ 571.322892][T14277] do_recvmmsg+0xc5/0x1ee0 [ 571.377596][T14292] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 571.389758][T14291] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:33 executing program 5: 05:28:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 572.160520][ T1] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT [ 572.189235][ T1] systemd[1]: systemd-journald.service: Unit entered failed state. [ 572.220445][ T1] systemd[1]: systemd-journald.service: Failed with result 'watchdog'. [ 572.256501][ T1] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. [ 572.395572][ T1] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 572.443134][ T1] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 572.487530][T14309] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 572.490941][ T1] systemd[1]: Stopped Journal Service. [ 572.540245][T14309] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 572.688042][ T1] systemd[1]: Starting Journal Service... [ 572.917310][T14277] not chained 810000 origins [ 572.921971][T14277] CPU: 1 PID: 14277 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 572.930644][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.940707][T14277] Call Trace: [ 572.944015][T14277] dump_stack+0x1df/0x240 [ 572.948343][T14277] kmsan_internal_chain_origin+0x6f/0x130 [ 572.954202][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 572.959308][T14277] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 572.965217][T14277] ? __msan_poison_alloca+0xf0/0x120 [ 572.970496][T14277] ? kmsan_get_metadata+0x11d/0x180 [ 572.975686][T14277] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 572.981482][T14277] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 572.987546][T14277] ? kfree+0x61/0x30f0 [ 572.991603][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 572.996701][T14277] ? kmsan_set_origin_checked+0x95/0xf0 [ 573.002324][T14277] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 573.008399][T14277] ? _copy_from_user+0x15b/0x260 [ 573.013325][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 573.018511][T14277] __msan_chain_origin+0x50/0x90 [ 573.023450][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.028058][T14277] ? __msan_poison_alloca+0xf0/0x120 [ 573.033332][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 573.038341][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 573.043852][T14277] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 573.050791][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.055725][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.060744][T14277] do_syscall_64+0xb0/0x150 [ 573.065239][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.071115][T14277] RIP: 0033:0x45c1d9 [ 573.074989][T14277] Code: Bad RIP value. [ 573.079049][T14277] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 573.087463][T14277] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 573.095426][T14277] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 573.103509][T14277] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 573.111468][T14277] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 573.119425][T14277] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 573.127394][T14277] Uninit was stored to memory at: [ 573.132498][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.138202][T14277] __msan_chain_origin+0x50/0x90 [ 573.143229][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.147893][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.152818][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.157915][T14277] do_syscall_64+0xb0/0x150 [ 573.162429][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.168470][T14277] [ 573.170781][T14277] Uninit was stored to memory at: [ 573.175793][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.181500][T14277] __msan_chain_origin+0x50/0x90 [ 573.186424][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.190996][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.195923][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.200777][T14277] do_syscall_64+0xb0/0x150 [ 573.205270][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.211140][T14277] [ 573.213458][T14277] Uninit was stored to memory at: [ 573.218471][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.224192][T14277] __msan_chain_origin+0x50/0x90 [ 573.229133][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.233729][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.238661][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.243499][T14277] do_syscall_64+0xb0/0x150 [ 573.247991][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.253859][T14277] [ 573.256304][T14277] Uninit was stored to memory at: [ 573.261318][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.267022][T14277] __msan_chain_origin+0x50/0x90 [ 573.271949][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.276526][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.281446][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.286282][T14277] do_syscall_64+0xb0/0x150 [ 573.290774][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.296670][T14277] [ 573.298996][T14277] Uninit was stored to memory at: [ 573.304016][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.309728][T14277] __msan_chain_origin+0x50/0x90 [ 573.314757][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.319418][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.324413][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.329249][T14277] do_syscall_64+0xb0/0x150 [ 573.333739][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.339605][T14277] [ 573.341928][T14277] Uninit was stored to memory at: [ 573.347896][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.353599][T14277] __msan_chain_origin+0x50/0x90 [ 573.358521][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.363098][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.368022][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.372859][T14277] do_syscall_64+0xb0/0x150 [ 573.377351][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.383234][T14277] [ 573.385547][T14277] Uninit was stored to memory at: [ 573.390557][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.396278][T14277] __msan_chain_origin+0x50/0x90 [ 573.401199][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.406383][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.411304][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.416141][T14277] do_syscall_64+0xb0/0x150 [ 573.420629][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.426511][T14277] [ 573.428822][T14277] Local variable ----msg_sys@do_recvmmsg created at: [ 573.435483][T14277] do_recvmmsg+0xc5/0x1ee0 [ 573.439888][T14277] do_recvmmsg+0xc5/0x1ee0 [ 573.701173][T14277] not chained 820000 origins [ 573.705814][T14277] CPU: 0 PID: 14277 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 573.714485][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 573.724549][T14277] Call Trace: [ 573.727847][T14277] dump_stack+0x1df/0x240 [ 573.732193][T14277] kmsan_internal_chain_origin+0x6f/0x130 [ 573.737933][T14277] ? __msan_get_context_state+0x9/0x20 [ 573.743405][T14277] ? idtentry_exit_cond_rcu+0x12/0x50 [ 573.748868][T14277] ? __exc_page_fault+0xf6/0x390 [ 573.753817][T14277] ? exc_page_fault+0x45/0x50 [ 573.758501][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 573.763705][T14277] ? kmsan_set_origin_checked+0x95/0xf0 [ 573.769259][T14277] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 573.775342][T14277] ? _copy_from_user+0x15b/0x260 [ 573.780284][T14277] ? kmsan_get_metadata+0x4f/0x180 [ 573.785402][T14277] __msan_chain_origin+0x50/0x90 [ 573.790361][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.794998][T14277] ? __msan_poison_alloca+0xf0/0x120 [ 573.800390][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 573.805430][T14277] ? __se_sys_recvmmsg+0xac/0x350 [ 573.810463][T14277] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 573.816372][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.821324][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.826181][T14277] do_syscall_64+0xb0/0x150 [ 573.830694][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.836583][T14277] RIP: 0033:0x45c1d9 [ 573.840480][T14277] Code: Bad RIP value. [ 573.844549][T14277] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 573.853049][T14277] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 573.861371][T14277] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 573.869345][T14277] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 573.877319][T14277] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 573.885293][T14277] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 573.893392][T14277] Uninit was stored to memory at: [ 573.898428][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.904161][T14277] __msan_chain_origin+0x50/0x90 [ 573.909102][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.913716][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.918657][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.923525][T14277] do_syscall_64+0xb0/0x150 [ 573.928032][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.934088][T14277] [ 573.936411][T14277] Uninit was stored to memory at: [ 573.941448][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.947179][T14277] __msan_chain_origin+0x50/0x90 [ 573.952127][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.956725][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 573.961669][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 573.966529][T14277] do_syscall_64+0xb0/0x150 [ 573.971041][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 573.977100][T14277] [ 573.979430][T14277] Uninit was stored to memory at: [ 573.984469][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 573.990195][T14277] __msan_chain_origin+0x50/0x90 [ 573.995137][T14277] do_recvmmsg+0x105a/0x1ee0 [ 573.999732][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 574.004680][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 574.009538][T14277] do_syscall_64+0xb0/0x150 [ 574.014080][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.019971][T14277] [ 574.022293][T14277] Uninit was stored to memory at: [ 574.027322][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 574.033042][T14277] __msan_chain_origin+0x50/0x90 [ 574.037988][T14277] do_recvmmsg+0x105a/0x1ee0 [ 574.042584][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 574.047529][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 574.052397][T14277] do_syscall_64+0xb0/0x150 [ 574.056897][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.062761][T14277] [ 574.065194][T14277] Uninit was stored to memory at: [ 574.070196][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 574.076098][T14277] __msan_chain_origin+0x50/0x90 [ 574.081041][T14277] do_recvmmsg+0x105a/0x1ee0 [ 574.085646][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 574.090588][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 574.095445][T14277] do_syscall_64+0xb0/0x150 [ 574.096653][T14313] systemd-journald[14313]: File /run/log/journal/64dd78f1a75445a997c532444ad0f085/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 574.099947][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.099981][T14277] [ 574.123928][T14277] Uninit was stored to memory at: [ 574.128983][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 574.134710][T14277] __msan_chain_origin+0x50/0x90 [ 574.139655][T14277] do_recvmmsg+0x105a/0x1ee0 [ 574.144255][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 574.149198][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 574.154056][T14277] do_syscall_64+0xb0/0x150 [ 574.158564][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.164464][T14277] [ 574.166786][T14277] Uninit was stored to memory at: [ 574.171812][T14277] kmsan_internal_chain_origin+0xad/0x130 [ 574.177537][T14277] __msan_chain_origin+0x50/0x90 [ 574.182491][T14277] do_recvmmsg+0x105a/0x1ee0 [ 574.187087][T14277] __se_sys_recvmmsg+0x1d1/0x350 [ 574.192026][T14277] __x64_sys_recvmmsg+0x62/0x80 [ 574.196877][T14277] do_syscall_64+0xb0/0x150 [ 574.201391][T14277] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.207275][T14277] [ 574.209600][T14277] Local variable ----msg_sys@do_recvmmsg created at: [ 574.216384][T14277] do_recvmmsg+0xc5/0x1ee0 [ 574.220803][T14277] do_recvmmsg+0xc5/0x1ee0 05:28:36 executing program 5: 05:28:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc008ae88, &(0x7f00000000c0)={0x3, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:36 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:36 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = dup(0xffffffffffffffff) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r4}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000002200)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000021c0)={&(0x7f0000000b40)={0x7ac, 0x0, 0x300, 0x70bd25, 0x25dfdbfe}, 0x7ac}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r7, &(0x7f0000002300)={'#! ', './file0'}, 0xb) r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x51f) write$binfmt_script(r8, &(0x7f0000002300)={'#! ', './file0'}, 0xb) close(r8) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r8, 0x84, 0x8, &(0x7f0000000180)=0x6, 0x4) close(r7) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x14, 0x1, @private2}]}, 0x2c}}, 0x0) 05:28:36 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 574.408318][T14317] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 574.460640][T14317] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:36 executing program 5: 05:28:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, 0x0) 05:28:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 574.778136][T14321] not chained 830000 origins [ 574.782777][T14321] CPU: 0 PID: 14321 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 574.791451][T14321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 574.801513][T14321] Call Trace: [ 574.804820][T14321] dump_stack+0x1df/0x240 [ 574.809275][T14321] kmsan_internal_chain_origin+0x6f/0x130 [ 574.815015][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 574.820169][T14321] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 574.826075][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 574.831447][T14321] ? kmsan_get_metadata+0x11d/0x180 [ 574.836635][T14321] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 574.843251][T14321] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 574.849477][T14321] ? kfree+0x61/0x30f0 [ 574.853572][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 574.858672][T14321] ? kmsan_set_origin_checked+0x95/0xf0 [ 574.864382][T14321] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 574.870449][T14321] ? _copy_from_user+0x15b/0x260 [ 574.875374][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 574.880470][T14321] __msan_chain_origin+0x50/0x90 [ 574.885919][T14321] do_recvmmsg+0x105a/0x1ee0 [ 574.890523][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 574.895798][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 574.900808][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 574.905823][T14321] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 574.911702][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 574.916631][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 574.921472][T14321] do_syscall_64+0xb0/0x150 [ 574.925964][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 574.931928][T14321] RIP: 0033:0x45c1d9 [ 574.935804][T14321] Code: Bad RIP value. [ 574.939853][T14321] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 574.948245][T14321] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 574.956215][T14321] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 574.964180][T14321] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 574.972428][T14321] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 574.980562][T14321] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 574.988633][T14321] Uninit was stored to memory at: [ 574.993648][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 574.999348][T14321] __msan_chain_origin+0x50/0x90 [ 575.004270][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.008872][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.013818][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.018662][T14321] do_syscall_64+0xb0/0x150 [ 575.023149][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.029020][T14321] [ 575.031425][T14321] Uninit was stored to memory at: [ 575.036436][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.042139][T14321] __msan_chain_origin+0x50/0x90 [ 575.047061][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.051634][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.056653][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.061488][T14321] do_syscall_64+0xb0/0x150 [ 575.066009][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.071876][T14321] [ 575.074187][T14321] Uninit was stored to memory at: [ 575.079197][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.084898][T14321] __msan_chain_origin+0x50/0x90 [ 575.090183][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.094767][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.099729][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.104573][T14321] do_syscall_64+0xb0/0x150 [ 575.109066][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.114944][T14321] [ 575.117253][T14321] Uninit was stored to memory at: [ 575.122264][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.127966][T14321] __msan_chain_origin+0x50/0x90 [ 575.132889][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.137468][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.142394][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.147231][T14321] do_syscall_64+0xb0/0x150 [ 575.151719][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.157588][T14321] [ 575.159900][T14321] Uninit was stored to memory at: [ 575.164927][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.170644][T14321] __msan_chain_origin+0x50/0x90 [ 575.175593][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.180173][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.185122][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.189961][T14321] do_syscall_64+0xb0/0x150 [ 575.194451][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.200321][T14321] [ 575.202639][T14321] Uninit was stored to memory at: [ 575.207649][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.213353][T14321] __msan_chain_origin+0x50/0x90 [ 575.218450][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.223025][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.228048][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.232888][T14321] do_syscall_64+0xb0/0x150 [ 575.237383][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.243298][T14321] [ 575.245608][T14321] Uninit was stored to memory at: [ 575.250740][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 575.256442][T14321] __msan_chain_origin+0x50/0x90 [ 575.261388][T14321] do_recvmmsg+0x105a/0x1ee0 [ 575.266917][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 575.271842][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 575.276684][T14321] do_syscall_64+0xb0/0x150 [ 575.281174][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 575.287203][T14321] [ 575.289522][T14321] Local variable ----msg_sys@do_recvmmsg created at: [ 575.296197][T14321] do_recvmmsg+0xc5/0x1ee0 [ 575.300604][T14321] do_recvmmsg+0xc5/0x1ee0 05:28:37 executing program 0: [ 575.483374][T14341] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, 0x0) 05:28:37 executing program 5: [ 575.574495][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:37 executing program 0: [ 576.998449][T14321] not chained 840000 origins [ 577.003083][T14321] CPU: 0 PID: 14321 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 577.011758][T14321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.021997][T14321] Call Trace: [ 577.025303][T14321] dump_stack+0x1df/0x240 [ 577.029652][T14321] kmsan_internal_chain_origin+0x6f/0x130 [ 577.035381][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.040495][T14321] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 577.046397][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 577.051696][T14321] ? kmsan_get_metadata+0x11d/0x180 [ 577.057001][T14321] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 577.062810][T14321] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 577.068965][T14321] ? kfree+0x61/0x30f0 [ 577.073041][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.078156][T14321] ? kmsan_set_origin_checked+0x95/0xf0 [ 577.083881][T14321] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 577.089959][T14321] ? _copy_from_user+0x15b/0x260 [ 577.094914][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.100028][T14321] __msan_chain_origin+0x50/0x90 [ 577.104973][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.109596][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 577.114888][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 577.119910][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 577.125072][T14321] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 577.130977][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.135968][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.140826][T14321] do_syscall_64+0xb0/0x150 [ 577.145334][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.151221][T14321] RIP: 0033:0x45c1d9 [ 577.155104][T14321] Code: Bad RIP value. [ 577.159164][T14321] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 577.167569][T14321] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 577.175607][T14321] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 577.183574][T14321] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 577.191761][T14321] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 577.199733][T14321] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 577.207897][T14321] Uninit was stored to memory at: [ 577.212926][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.218641][T14321] __msan_chain_origin+0x50/0x90 [ 577.223575][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.228161][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.233096][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.237943][T14321] do_syscall_64+0xb0/0x150 [ 577.242444][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.248331][T14321] [ 577.250662][T14321] Uninit was stored to memory at: [ 577.255695][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.261412][T14321] __msan_chain_origin+0x50/0x90 [ 577.266348][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.270942][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.275882][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.280737][T14321] do_syscall_64+0xb0/0x150 [ 577.285237][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.291116][T14321] [ 577.293437][T14321] Uninit was stored to memory at: [ 577.298477][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.304225][T14321] __msan_chain_origin+0x50/0x90 [ 577.309156][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.313748][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.318683][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.323573][T14321] do_syscall_64+0xb0/0x150 [ 577.328084][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.333967][T14321] [ 577.336292][T14321] Uninit was stored to memory at: [ 577.341318][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.347122][T14321] __msan_chain_origin+0x50/0x90 [ 577.352233][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.356823][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.361759][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.366792][T14321] do_syscall_64+0xb0/0x150 [ 577.371315][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.377202][T14321] [ 577.379530][T14321] Uninit was stored to memory at: [ 577.384569][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.390291][T14321] __msan_chain_origin+0x50/0x90 [ 577.395236][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.399915][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.404859][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.409710][T14321] do_syscall_64+0xb0/0x150 [ 577.414214][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.420095][T14321] [ 577.422420][T14321] Uninit was stored to memory at: [ 577.427554][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.433363][T14321] __msan_chain_origin+0x50/0x90 [ 577.438299][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.442894][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.447832][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.452774][T14321] do_syscall_64+0xb0/0x150 [ 577.457277][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.463178][T14321] [ 577.465495][T14321] Uninit was stored to memory at: [ 577.470515][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.476335][T14321] __msan_chain_origin+0x50/0x90 [ 577.481269][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.485862][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.490826][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.495681][T14321] do_syscall_64+0xb0/0x150 [ 577.500181][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.506065][T14321] [ 577.508386][T14321] Local variable ----msg_sys@do_recvmmsg created at: [ 577.515061][T14321] do_recvmmsg+0xc5/0x1ee0 [ 577.519543][T14321] do_recvmmsg+0xc5/0x1ee0 [ 577.748557][T14321] not chained 850000 origins [ 577.753280][T14321] CPU: 0 PID: 14321 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 577.761943][T14321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.771993][T14321] Call Trace: [ 577.775288][T14321] dump_stack+0x1df/0x240 [ 577.779626][T14321] kmsan_internal_chain_origin+0x6f/0x130 [ 577.785873][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.790990][T14321] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 577.796885][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 577.802172][T14321] ? kmsan_get_metadata+0x11d/0x180 [ 577.807376][T14321] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 577.813192][T14321] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 577.819261][T14321] ? kfree+0x61/0x30f0 [ 577.823340][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.829159][T14321] ? kmsan_set_origin_checked+0x95/0xf0 [ 577.834721][T14321] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 577.840820][T14321] ? _copy_from_user+0x15b/0x260 [ 577.845773][T14321] ? kmsan_get_metadata+0x4f/0x180 [ 577.851006][T14321] __msan_chain_origin+0x50/0x90 [ 577.855956][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.860589][T14321] ? __msan_poison_alloca+0xf0/0x120 [ 577.865892][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 577.870921][T14321] ? __se_sys_recvmmsg+0xac/0x350 [ 577.875946][T14321] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 577.881848][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.886799][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.891656][T14321] do_syscall_64+0xb0/0x150 [ 577.896283][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.902178][T14321] RIP: 0033:0x45c1d9 [ 577.906210][T14321] Code: Bad RIP value. [ 577.910283][T14321] RSP: 002b:00007f98b758ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 577.918706][T14321] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 577.926683][T14321] RDX: 0000000000008001 RSI: 0000000020000200 RDI: 0000000000000003 [ 577.934661][T14321] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 577.942640][T14321] R10: 0000000000000043 R11: 0000000000000246 R12: 000000000078bf0c [ 577.950613][T14321] R13: 0000000000c9fb6f R14: 00007f98b758f9c0 R15: 000000000078bf0c [ 577.958602][T14321] Uninit was stored to memory at: [ 577.963633][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 577.969354][T14321] __msan_chain_origin+0x50/0x90 [ 577.974300][T14321] do_recvmmsg+0x105a/0x1ee0 [ 577.978975][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 577.983913][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 577.988767][T14321] do_syscall_64+0xb0/0x150 [ 577.993271][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 577.999233][T14321] [ 578.001553][T14321] Uninit was stored to memory at: [ 578.006579][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.012295][T14321] __msan_chain_origin+0x50/0x90 [ 578.017232][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.021817][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.026752][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.031602][T14321] do_syscall_64+0xb0/0x150 [ 578.036104][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.041980][T14321] [ 578.044299][T14321] Uninit was stored to memory at: [ 578.049326][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.055044][T14321] __msan_chain_origin+0x50/0x90 [ 578.061976][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.066570][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.071525][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.076381][T14321] do_syscall_64+0xb0/0x150 [ 578.080890][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.086863][T14321] [ 578.089187][T14321] Uninit was stored to memory at: [ 578.094220][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.099939][T14321] __msan_chain_origin+0x50/0x90 [ 578.105074][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.109671][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.114613][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.119553][T14321] do_syscall_64+0xb0/0x150 [ 578.124235][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.130118][T14321] [ 578.132443][T14321] Uninit was stored to memory at: [ 578.137477][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.143208][T14321] __msan_chain_origin+0x50/0x90 [ 578.148153][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.152778][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.157729][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.162587][T14321] do_syscall_64+0xb0/0x150 [ 578.167404][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.173380][T14321] [ 578.175706][T14321] Uninit was stored to memory at: [ 578.180742][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.186475][T14321] __msan_chain_origin+0x50/0x90 [ 578.191419][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.196016][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.200959][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.205830][T14321] do_syscall_64+0xb0/0x150 [ 578.210335][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.216219][T14321] [ 578.218548][T14321] Uninit was stored to memory at: [ 578.223582][T14321] kmsan_internal_chain_origin+0xad/0x130 [ 578.229334][T14321] __msan_chain_origin+0x50/0x90 [ 578.234276][T14321] do_recvmmsg+0x105a/0x1ee0 [ 578.238872][T14321] __se_sys_recvmmsg+0x1d1/0x350 [ 578.243814][T14321] __x64_sys_recvmmsg+0x62/0x80 [ 578.248666][T14321] do_syscall_64+0xb0/0x150 [ 578.253167][T14321] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 578.259042][T14321] [ 578.261360][T14321] Local variable ----msg_sys@do_recvmmsg created at: [ 578.268033][T14321] do_recvmmsg+0xc5/0x1ee0 [ 578.272449][T14321] do_recvmmsg+0xc5/0x1ee0 05:28:40 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:28:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, 0x0) 05:28:40 executing program 5: 05:28:40 executing program 0: 05:28:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 578.538544][T14365] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 578.599831][T14377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:40 executing program 5: 05:28:40 executing program 0: 05:28:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x0, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:41 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:41 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:28:41 executing program 5: 05:28:41 executing program 0: 05:28:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x0, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) [ 579.312673][T14407] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 579.386206][T14414] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:41 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:41 executing program 0: 05:28:41 executing program 5: 05:28:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f00000000c0)={0x0, 0x0, [0x175, 0x0, 0x3, 0x8, 0x639]}) 05:28:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:28:41 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0x0, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 580.004960][T14438] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 580.067748][T14445] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:44 executing program 0: 05:28:44 executing program 5: 05:28:44 executing program 1: 05:28:44 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 582.178291][T14469] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 582.250075][T14476] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:44 executing program 5: 05:28:44 executing program 1: 05:28:44 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendmsg$inet_sctp(r1, &(0x7f0000001780)={&(0x7f0000000280)=@in6={0x1c, 0x1c, 0x3}, 0x1c, 0x0, 0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="1c000000840000000a000000000000000000000000000000000000012c00000084"], 0x8c}, 0x0) 05:28:44 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:44 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000340), &(0x7f0000000180)=0x98) [ 582.845259][T14497] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 582.913863][T14503] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:47 executing program 5: r0 = socket$inet(0x2, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) dup2(r1, r0) 05:28:47 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:47 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x10, 0x2}, 0x10) 05:28:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:47 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000000), &(0x7f0000000040)=0xc) [ 585.402502][T14530] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 585.510509][T14538] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:47 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:47 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000100)={0x2, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000180), &(0x7f0000000040)=0xb0) 05:28:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xcf1c, 0x0, 0x0, 0x800e00551) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f0000000240)=[{&(0x7f0000000180)=""/44, 0x2c}], 0x1) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)=""/186, 0xba}, {0x0}], 0x2}, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r4, 0x0) read(r3, &(0x7f0000000000)=""/85, 0x55) shutdown(r5, 0x0) r6 = dup(r3) shutdown(r6, 0x0) 05:28:47 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) getsockname(r0, 0x0, &(0x7f0000000080)) 05:28:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:48 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 586.039217][T14565] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 586.080480][T14565] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:50 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:50 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect(r0, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10) 05:28:50 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0xf}, 0xc) 05:28:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:50 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:50 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x4, &(0x7f0000000000), 0x4) [ 588.452385][T14594] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 588.534650][T14606] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:50 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:50 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 05:28:50 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:51 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:51 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000300)={0xffffffffffffff4f, 0x1c, 0x3}, 0x19) 05:28:51 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000000), &(0x7f0000000040)=0x8) 05:28:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) [ 589.037778][T14635] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 589.120683][T14643] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 05:28:51 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xc, &(0x7f0000000000), 0xb) 05:28:51 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 05:28:51 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c, 0x2}, 0x1c) 05:28:51 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000280), &(0x7f0000000180)=0x98) 05:28:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:51 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:51 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000000), 0x8c) [ 589.797666][T14681] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 589.883728][T14688] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, 0x0, 0x22b41b9a8748b1b5, 0x0, 0x0, 0x800e00510) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/181, 0xf1}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, &(0x7f0000000600)=""/4096, 0x1000, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00579) shutdown(r1, 0x0) shutdown(r2, 0x0) 05:28:52 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:52 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x9, &(0x7f0000000000), 0x4) 05:28:52 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:52 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)=ANY=[], &(0x7f0000001700)=0x8) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0xf, &(0x7f0000000040), 0xc) 05:28:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:52 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f0000000000), 0x4) 05:28:52 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 590.473454][T14714] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 590.559259][T14722] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:52 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:53 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r1, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 05:28:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:53 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x22, &(0x7f0000000040), 0xc) [ 591.168058][T14750] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 591.229302][T14757] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:53 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) 05:28:53 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:53 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:53 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) bind$inet(r2, &(0x7f0000000000)={0x10, 0x2}, 0x10) [ 591.460524][T14771] ptrace attach of "/root/syz-executor.2"[14770] was attempted by "/root/syz-executor.2"[14771] 05:28:53 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:53 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x10, 0x2}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0x1c, 0x0, 0x84) socket(0x1c, 0x1, 0x0) 05:28:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:53 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xcf1c, 0x0, 0x0, 0x800e00551) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f0000000240)=[{&(0x7f0000000180)=""/44, 0x2c}, {0x0}], 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)=""/186, 0xba}, {0x0}], 0x2}, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r4, 0x0) read(r3, &(0x7f0000000000)=""/85, 0x55) shutdown(r5, 0x0) r6 = dup(r3) shutdown(r6, 0x0) [ 591.766045][T14782] ptrace attach of "/root/syz-executor.2"[14780] was attempted by "/root/syz-executor.2"[14782] 05:28:53 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 591.846077][T14788] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 591.961011][T14796] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 591.977217][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:54 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000000), &(0x7f00000000c0)=0xb8) [ 592.021082][T14806] ptrace attach of "/root/syz-executor.2"[14803] was attempted by "/root/syz-executor.2"[14806] 05:28:54 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:54 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000140)=@in6={0x0, 0x1c}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) 05:28:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:54 executing program 0: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f00000008c0)=ANY=[@ANYRES32], 0x1, 0x2800) msgrcv(r0, &(0x7f0000000080)={0x0, ""/104}, 0x70, 0x1, 0x800) 05:28:54 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:54 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 592.649704][T14837] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 592.701261][T14844] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:54 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000), 0x8c) [ 592.773182][T14847] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:55 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_buf(r0, 0x29, 0x32, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) dup2(r1, r0) 05:28:55 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:55 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendmsg$inet_sctp(r1, &(0x7f0000001780)={&(0x7f0000000280)=@in6={0x1c, 0x1c, 0x3}, 0x1c, 0x0, 0x0, &(0x7f00000018c0)=ANY=[], 0x8c}, 0x0) 05:28:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:55 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000), &(0x7f00000000c0)=0xa0) 05:28:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:55 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:55 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x16, &(0x7f00000000c0)={0x0, 0x3}, 0x8) 05:28:55 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind(r0, &(0x7f0000000100)=@un=@file={0xa}, 0xa) 05:28:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:55 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) 05:28:56 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:56 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x29, &(0x7f0000000040), 0x8) 05:28:56 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000000), 0xc) 05:28:56 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:56 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00'}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080), 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:56 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) sendto$inet(r0, &(0x7f00000000c0)="528ce1498238d615a41fc53968f7cabc8714f0be500f91", 0x17, 0x0, &(0x7f0000000100)={0x10, 0x2}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) 05:28:56 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 05:28:56 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000001c0)={&(0x7f0000000080)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) 05:28:56 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:56 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000380)=""/82, 0x52}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xcf1c, 0x0, 0x0, 0x800e00551) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f0000000240)=[{&(0x7f0000000180)=""/44, 0x2c}, {0x0}], 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)=""/186, 0xba}], 0x1}, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r4, 0x0) read(r3, &(0x7f0000000000)=""/85, 0x55) shutdown(r5, 0x0) r6 = dup(r3) shutdown(r6, 0x0) 05:28:57 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:28:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:57 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000280), &(0x7f0000000180)=0x43) 05:28:57 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)=@in6={0x1c, 0x1c}, 0x1c) 05:28:57 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:28:57 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) 05:28:57 executing program 1: r0 = socket(0x2, 0x1, 0x0) connect$unix(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="000200020f"], 0x10) sendto$unix(r0, &(0x7f0000000140)='X', 0x1, 0x98cffefbf143c925, &(0x7f0000000180)=@abs={0x8}, 0x8) 05:28:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:28:57 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 595.817450][T15000] __nla_validate_parse: 12 callbacks suppressed [ 595.817481][T15000] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 595.879658][T15008] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 595.947904][T15009] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:28:58 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) 05:28:58 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000001280)={0x10, 0x2}, 0x10) 05:28:58 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x11, &(0x7f0000000000), 0x4) 05:29:00 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:00 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:29:00 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000003c0)=ANY=[@ANYBLOB="10024e22ffffffff00"/132, @ANYRES32, @ANYBLOB="0180000001"], 0xa0) 05:29:00 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000003c0)=ANY=[@ANYBLOB="10024e22ffffffff00"/127, @ANYRES32, @ANYBLOB="01800000010000000002"], 0xa0) 05:29:00 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0xf, &(0x7f0000000100), 0xc) 05:29:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 598.299459][T15040] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 598.363777][T15049] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 598.434848][T15052] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:00 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)=0x10) 05:29:00 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:29:00 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x108, &(0x7f0000000080), &(0x7f00000000c0)=0x18) 05:29:00 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = dup(r0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x1203, &(0x7f0000000340), &(0x7f0000000380)=0x8) 05:29:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2, 0x7fff}, 0x14) [ 599.135051][T15073] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 599.180973][T15075] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 599.205734][T15073] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:03 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:03 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={0x0}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:29:03 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)=ANY=[@ANYRES32=0x0], &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f0000000040)={r4}, &(0x7f0000000080)=0x10) 05:29:03 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) bind$unix(r1, &(0x7f0000000040)=@file={0xa}, 0xa) 05:29:03 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x15, &(0x7f00000000c0), &(0x7f0000000100)=0x8) 05:29:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 601.447447][T15101] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 601.499457][T15114] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 601.570834][T15117] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:03 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:29:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000000), 0x8) 05:29:04 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x10) 05:29:04 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) 05:29:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:04 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) [ 602.203235][T15143] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 602.271813][T15151] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 602.326292][T15153] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:06 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xb, &(0x7f0000000000), 0x20) 05:29:06 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000000), &(0x7f0000000100)=0x8) 05:29:06 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000280), &(0x7f0000000180)=0x98) 05:29:06 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x43, 0x0) 05:29:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 604.550281][T15178] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:06 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x900, &(0x7f0000000000), 0x8) [ 604.700300][T15183] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 604.734273][T15191] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:06 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000003c0)=ANY=[@ANYBLOB="10024e22ffffffff00"/128, @ANYRES32, @ANYBLOB="01800000010000000002"], 0xa0) 05:29:06 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x43, 0x0) 05:29:07 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000100)={0x2, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000000180)={0x0, 0x2, "fefd"}, &(0x7f0000000040)=0xa) 05:29:07 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)=ANY=[], &(0x7f0000001700)=0x8) 05:29:07 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x43, 0x0) 05:29:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:07 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xd, &(0x7f0000000100), &(0x7f0000000180)=0x4) [ 605.343904][T15212] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:07 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000040)=0x8) 05:29:07 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, 0x0, 0x0, 0x43, 0x0) 05:29:07 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r1, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) [ 606.292100][ T1] systemd[1]: Started Journal Service. 05:29:09 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:09 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x903, &(0x7f0000000300), 0x8) 05:29:09 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000000), &(0x7f0000000040)=0x8) 05:29:09 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200), 0x0, 0x43, 0x0) 05:29:09 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000080), 0x8) [ 607.907344][T15267] __nla_validate_parse: 2 callbacks suppressed [ 607.907375][T15267] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 607.961306][T15271] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 608.024905][T15274] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:10 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)=0xa0) 05:29:10 executing program 1: r0 = socket$inet_sctp(0x2, 0x4000000000000005, 0x84) connect$inet(r0, &(0x7f0000001400)={0x10, 0x2}, 0x10) 05:29:10 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200), 0x0, 0x43, 0x0) 05:29:10 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f0000000240), 0x8) 05:29:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:10 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000000), 0xc) [ 608.496462][T15292] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 608.553138][T15297] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 608.587953][T15292] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:13 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:13 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200), 0x0, 0x43, 0x0) 05:29:13 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0xf, &(0x7f0000000100), 0xc) 05:29:13 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000340), 0x8c) 05:29:13 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x16, &(0x7f00000000c0), 0x8) 05:29:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 611.045328][T15314] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 611.120302][T15319] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:13 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) sendto$inet(r0, 0x0, 0x0, 0x184, &(0x7f0000000140)={0x10, 0x2}, 0x10) 05:29:13 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x1, &(0x7f0000000040)={r4}, &(0x7f0000000080)=0x10) 05:29:13 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:13 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) 05:29:13 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x22, &(0x7f0000000040), &(0x7f0000000140)=0xc) [ 611.636617][T15356] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 611.720846][T15366] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:13 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x15, &(0x7f0000000040)={r2, 0x228}, 0x8) 05:29:16 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:16 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) listen(r1, 0x0) 05:29:16 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) 05:29:16 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000180)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000000640)=[{&(0x7f00000001c0)="14", 0x1}], 0x1, &(0x7f00000006c0)=[{0x10}], 0x10}, 0x0) 05:29:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:16 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x33, &(0x7f00000003c0)=ANY=[], 0x88) dup2(r0, r1) [ 614.266431][T15395] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 614.369085][T15411] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:16 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) 05:29:16 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x12, &(0x7f00000000c0), 0x1) 05:29:16 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000080)="e5", 0x1}], 0x1, &(0x7f0000000440)=[{0x10}, {0x10}], 0x20}, 0x0) 05:29:16 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$sock_int(r0, 0xffff, 0x8, &(0x7f0000000080), 0x4) 05:29:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:17 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) [ 615.025975][T15439] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 615.082554][T15445] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 615.137034][T15448] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:19 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:19 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000140), 0x4) 05:29:19 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000200), &(0x7f0000000140)=0x98) 05:29:19 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f0000000240)={0x0, 0x7}, 0x8) 05:29:19 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) 05:29:19 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 617.455227][T15472] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:19 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x15, &(0x7f0000000040)={r2}, 0x8) [ 617.536353][T15473] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 617.572717][T15478] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:19 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000300)=""/206, 0xce}}], 0x1, 0x43, 0x0) 05:29:19 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x1202, &(0x7f0000000180), &(0x7f0000000140)=0x8) 05:29:19 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect(r0, &(0x7f0000000000)=@un=@abs={0x8}, 0x8) 05:29:20 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000280)}}], 0x1, 0x43, 0x0) 05:29:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 618.097945][T15501] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 618.126819][T15501] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:22 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:22 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) 05:29:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000080), 0x8) 05:29:22 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) dup2(r1, r0) 05:29:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:22 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000280)}}], 0x1, 0x43, 0x0) 05:29:22 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c}, 0x1c) [ 620.500531][T15528] __nla_validate_parse: 1 callbacks suppressed [ 620.500563][T15528] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 620.571128][T15536] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x14) 05:29:22 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000280)}}], 0x1, 0x43, 0x0) 05:29:22 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000300)={0xffffffffffffff4f, 0x1c, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) 05:29:23 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:23 executing program 5: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000003c0)=ANY=[@ANYBLOB="10024e22ffffffff00"/135, @ANYRES32, @ANYBLOB="0180"], 0xa0) [ 621.065307][T15560] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 621.156356][T15565] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 622.416356][ T0] NOHZ: local_softirq_pending 08 05:29:25 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:25 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) getsockname$inet6(r0, 0x0, &(0x7f0000000100)) 05:29:25 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x0, 0x0) 05:29:25 executing program 5: r0 = socket$inet(0xa, 0x801, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000040)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000180)='#', 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000000000000000000000000000020"], 0x38}, 0x0) 05:29:25 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x2, 0x3, 0x2f8, 0x188, 0x188, 0x0, 0x188, 0x0, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0x120, 0x188, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}, {0x0, 0x1}}, @common=@unspec=@physdev={{0x68, 'physdev\x00'}, {'bridge_slave_1\x00', {}, 'ip6erspan0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'hsr0\x00', 'geneve1\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x358) 05:29:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 623.580164][T15585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 623.662273][T15597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x0, @rand_addr=0x8}, 0x10) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x10002, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 05:29:26 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f00000003c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 05:29:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:26 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="290000002000190f41f4cbace7f9a7df020000006ce80001dd0000040d000d00ea1100000005000000", 0x29}], 0x1) 05:29:26 executing program 1: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x3) [ 624.073848][T15615] netlink: 'syz-executor.0': attribute type 13 has an invalid length. 05:29:26 executing program 5: [ 624.152693][T15617] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 624.226094][T15622] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 624.345816][T15624] netlink: 'syz-executor.0': attribute type 13 has an invalid length. 05:29:28 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:28 executing program 5: 05:29:28 executing program 1: 05:29:28 executing program 0: 05:29:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:28 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x0, 0x0) 05:29:28 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000027c0)=[{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000080)="e146f20fe951cc571e8b98e660edeb2bae13cec4769efb", 0x17}, {&(0x7f00000000c0)="71a98c2bf388da2ccfee73d41f36370b3253e885e1db400e695b253069bb87ef67fa3e0b127e2e134a875389892287c0eb961ec161eec340c57f58fd337f302e4091276b51ade6e2c677dfe3905c4e91b2a9b41820ec84679cadb2f0ab046837ef8a96ee2fd40054cb717197251b171b73b8685fe19d4bcbc51010236566e9535bf1bbd6", 0x84}, {&(0x7f0000000180)="68d8a3a895cf1f009878ac7d8f7d2a150409fac147d611074c9e783fd6e0598b385858d8f7d92b61cc2b2ef84b29fd25032a7126d775b3c2b01d233279494740968b5d4205c1b1ffa5a345fd9767ad9607e910d2bcd658c0e5b6ed3958aad9f82159c5463722b8423c4ca84da3e2661186a2c5e5edcd259d7481cf47324791b2cf0889d201cfaf7977963feb8a97cd472bdb70f233ebee4a843c284ff52657220f3013d5df57d1f475dd4b7a9957237e2147af6618f3ef5df779c70af9a6f9b8f7e8ed00d7", 0xc5}, {&(0x7f0000000280)="62bbb28a867eaf4168629b174bde278628c0b40aa15a5afa2418dacb1182beb02f6910b4c96dd9cecf3ec030ad57b41f", 0x30}], 0x4, &(0x7f0000001400)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x190}], 0x1}, 0x0) [ 626.824404][T15647] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 626.940760][T15650] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:29 executing program 1: r0 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0000001c00000000000000000000000000003f0000000080000000000400"}}) 05:29:29 executing program 5: 05:29:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:29 executing program 5: 05:29:29 executing program 1: [ 627.443860][T15676] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 627.506160][T15676] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:31 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e5", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:31 executing program 0: 05:29:31 executing program 5: 05:29:31 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f00000016c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$packet(0x11, 0xa, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000180), 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000300)=""/206}}], 0x8001, 0x0, 0x0) 05:29:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:31 executing program 1: [ 629.970321][T15705] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:32 executing program 0: [ 630.044515][T15710] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:32 executing program 5: 05:29:32 executing program 1: 05:29:32 executing program 0: 05:29:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:32 executing program 1: [ 630.587950][T15723] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 630.658679][T15723] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 632.016288][ T0] NOHZ: local_softirq_pending 08 05:29:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e5", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:35 executing program 5: 05:29:35 executing program 0: 05:29:35 executing program 1: 05:29:35 executing program 4: 05:29:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:35 executing program 0: [ 633.032813][T15741] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 633.095046][T15750] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:35 executing program 4: 05:29:35 executing program 5: 05:29:35 executing program 1: 05:29:35 executing program 0: 05:29:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 633.601609][T15765] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 633.651108][T15770] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 633.673510][T15765] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:38 executing program 4: 05:29:38 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e5", 0x7}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:38 executing program 5: 05:29:38 executing program 1: 05:29:38 executing program 0: 05:29:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:38 executing program 4: [ 636.261191][T15788] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 636.311464][T15794] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:38 executing program 0: [ 636.361176][T15788] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:38 executing program 1: 05:29:38 executing program 5: 05:29:38 executing program 4: 05:29:38 executing program 0: 05:29:38 executing program 1: 05:29:41 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed", 0xb}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:41 executing program 5: 05:29:41 executing program 4: 05:29:41 executing program 1: 05:29:41 executing program 0: [ 639.385257][T15819] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 639.437992][T15828] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:41 executing program 1: 05:29:41 executing program 5: [ 639.501717][T15828] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:41 executing program 4: 05:29:41 executing program 0: 05:29:41 executing program 1: 05:29:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 639.965129][T15845] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 640.019848][T15850] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 640.049704][T15845] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:44 executing program 4: 05:29:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:44 executing program 1: 05:29:44 executing program 5: 05:29:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed", 0xb}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:44 executing program 0: [ 642.598798][T15866] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 642.654714][T15874] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:44 executing program 1: 05:29:44 executing program 5: [ 642.707683][T15866] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:44 executing program 0: 05:29:44 executing program 4: 05:29:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:45 executing program 5: 05:29:45 executing program 1: [ 643.180861][T15891] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed", 0xb}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:47 executing program 0: 05:29:47 executing program 4: 05:29:47 executing program 5: 05:29:47 executing program 1: 05:29:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 645.754326][T15913] __nla_validate_parse: 2 callbacks suppressed [ 645.754357][T15913] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 645.838940][T15920] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:48 executing program 1: [ 645.894107][T15913] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:48 executing program 0: 05:29:48 executing program 4: 05:29:48 executing program 5: 05:29:48 executing program 0: 05:29:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 646.364885][T15937] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 646.426946][T15942] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 646.465419][T15937] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32", 0xd}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:51 executing program 4: 05:29:51 executing program 1: 05:29:51 executing program 5: 05:29:51 executing program 0: 05:29:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 648.978620][T15959] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 649.067089][T15967] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 649.109171][T15959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:51 executing program 0: 05:29:51 executing program 1: 05:29:51 executing program 5: 05:29:51 executing program 4: 05:29:51 executing program 0: 05:29:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32", 0xd}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:51 executing program 5: 05:29:51 executing program 1: 05:29:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:51 executing program 4: 05:29:51 executing program 0: 05:29:51 executing program 5: 05:29:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32", 0xd}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 649.773987][T15988] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:52 executing program 1: 05:29:52 executing program 4: 05:29:52 executing program 0: 05:29:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:52 executing program 5: 05:29:52 executing program 1: 05:29:52 executing program 4: 05:29:52 executing program 0: 05:29:52 executing program 5: 05:29:52 executing program 1: 05:29:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 650.774220][T16027] __nla_validate_parse: 5 callbacks suppressed [ 650.774252][T16027] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 650.809898][T16027] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 650.831503][T16027] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 652.491244][ T0] NOHZ: local_softirq_pending 08 05:29:55 executing program 0: 05:29:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:29:55 executing program 4: 05:29:55 executing program 5: 05:29:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:55 executing program 1: 05:29:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 653.083127][T16047] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:55 executing program 4: [ 653.186625][T16054] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:55 executing program 5: 05:29:55 executing program 1: 05:29:55 executing program 0: 05:29:55 executing program 4: 05:29:55 executing program 5: 05:29:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:29:55 executing program 1: 05:29:55 executing program 0: [ 653.633017][T16071] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:55 executing program 4: [ 653.723980][T16075] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:55 executing program 5: 05:29:58 executing program 0: 05:29:58 executing program 1: 05:29:58 executing program 5: 05:29:58 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:29:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 05:29:58 executing program 4: [ 656.308934][T16097] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 656.378441][T16105] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:29:58 executing program 4: 05:29:58 executing program 0: 05:29:58 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}}, 0x0) r0 = socket(0x10, 0x8000000000000003, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='d\x00\x00\x00(\x009\r\x00'/20, @ANYRES32, @ANYBLOB="0009ffffe0ffffff0000000008000100627066003800020034000100300000000a00010070c2ba2e32f2b59ce51b838837"], 0x64}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001b00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000000000), 0x40000000000024a, 0x0) 05:29:58 executing program 5: 05:29:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:29:58 executing program 4: 05:29:59 executing program 5: [ 656.839217][T16123] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 656.905034][T16128] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:01 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:01 executing program 0: 05:30:01 executing program 1: 05:30:01 executing program 4: 05:30:01 executing program 5: 05:30:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 659.524948][T16148] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:01 executing program 4: [ 659.595121][T16149] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:01 executing program 5: 05:30:01 executing program 1: 05:30:01 executing program 0: 05:30:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:02 executing program 4: [ 660.101871][T16169] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 660.158694][T16174] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:04 executing program 5: 05:30:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:04 executing program 1: 05:30:04 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:04 executing program 0: 05:30:04 executing program 4: 05:30:04 executing program 1: [ 662.724115][T16192] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:04 executing program 4: [ 662.845919][T16198] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:05 executing program 0: 05:30:05 executing program 5: 05:30:05 executing program 1: 05:30:05 executing program 4: 05:30:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 663.369178][T16216] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 663.416041][T16216] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:07 executing program 5: r0 = socket(0x2, 0x5, 0x0) connect(r0, &(0x7f00000000c0)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 05:30:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:07 executing program 0: 05:30:07 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:07 executing program 1: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f0000000000), 0x8) 05:30:07 executing program 4: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x80) [ 665.834605][T16238] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 665.955898][T16250] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:08 executing program 0: r0 = socket(0x2, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, &(0x7f00000000c0)=0x10) 05:30:08 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1ff}, 0x14) 05:30:08 executing program 1: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000000000), &(0x7f0000000040)=0x8) 05:30:08 executing program 4: r0 = socket(0x2, 0x5, 0x0) r1 = dup(r0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/194, 0xc2}, 0xc3) 05:30:08 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:08 executing program 0: r0 = socket(0x2, 0x5, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, &(0x7f00000000c0)=0x10) 05:30:08 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) [ 666.616402][T16281] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 666.684574][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:11 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:11 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x9}, 0x14) 05:30:11 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0), &(0x7f0000000080)=0x4) 05:30:11 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000200), &(0x7f0000000240)=0x8) 05:30:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:11 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_int(r0, 0x0, 0x0, 0x0, 0x0) [ 669.055137][T16316] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 669.119171][T16323] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:11 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000080), 0x4) 05:30:11 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000000)=0x7, 0x4) 05:30:11 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c, 0x3}, 0x1c) 05:30:11 executing program 4: r0 = socket(0x2, 0x5, 0x0) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) 05:30:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 669.559126][T16353] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 669.642194][T16364] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:11 executing program 1: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x108, &(0x7f0000000000)={r4}, &(0x7f00000000c0)=0x18) 05:30:14 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:14 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x4, &(0x7f0000000000), 0x4) 05:30:14 executing program 5: 05:30:14 executing program 4: r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000040), 0x10) sendfile(r2, r1, 0x0, 0x8003) 05:30:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:14 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x11, &(0x7f0000000280), &(0x7f00000002c0)=0x4) [ 672.313405][T16397] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 672.407111][T16405] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:14 executing program 1: syz_emit_ethernet(0x34a, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60c49aeb031411ff20010000000000000000000000000002fe"], 0x0) 05:30:14 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x20, &(0x7f0000000000), 0xfe49) 05:30:14 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x12, &(0x7f0000000000), 0x1) 05:30:14 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) read(r0, &(0x7f0000000380)=""/4096, 0x1000) 05:30:14 executing program 1: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 05:30:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 673.306446][T16437] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 673.365833][T16444] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:17 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:17 executing program 5: r0 = socket(0x2, 0x5, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x4) 05:30:17 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xe, &(0x7f0000000000), 0x8) 05:30:17 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x20) 05:30:17 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, &(0x7f0000000100)="0e", 0x1, 0x0, &(0x7f0000000180)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 05:30:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 675.413468][T16459] sctp: [Deprecated]: syz-executor.5 (pid 16459) Use of int in max_burst socket option. [ 675.413468][T16459] Use struct sctp_assoc_value instead [ 675.451120][T16465] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 675.535289][T16476] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:17 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000240)=ANY=[], 0x88) 05:30:17 executing program 1: r0 = socket(0x2, 0x5, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000140), &(0x7f0000000200)=0xb8) 05:30:17 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB="2000c0"], 0xc8) 05:30:18 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), 0xc) 05:30:18 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:18 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002300)=[{&(0x7f0000001100)='\n', 0x1}], 0x1}, 0x0) [ 676.127078][T16497] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 676.194711][T16497] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:20 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:20 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r2) 05:30:20 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f00000000c0)=@in={0x0, 0x2}, 0x8) 05:30:20 executing program 0: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000000), &(0x7f0000000040)=0x8) 05:30:20 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x2}, 0x1c) 05:30:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 678.514137][T16521] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:20 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 678.649856][T16542] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:20 executing program 5: r0 = socket(0x2, 0x5, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000040)={0x2, [0x0, 0x0]}, &(0x7f0000000080)=0x8) 05:30:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:21 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xe, &(0x7f0000000000), 0x8) 05:30:21 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000100)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 05:30:21 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) 05:30:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:21 executing program 5: r0 = socket(0x2, 0x10000001, 0x84) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x7, &(0x7f0000000000), 0xd076) 05:30:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 679.318325][T16583] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:21 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) getsockname$inet6(r0, 0x0, &(0x7f00000000c0)) 05:30:21 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000140)={0x0, @in, 0x6}, 0xa0) [ 679.395891][T16591] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:21 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)=@un=@abs={0x8}, 0x8) 05:30:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:21 executing program 5: r0 = socket(0x2, 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x8, &(0x7f0000000000), 0x4) 05:30:21 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 05:30:22 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x8565edab3a8b398e, 0x1c, 0x3}, 0x1c) 05:30:22 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 679.954392][T16621] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 680.043565][T16629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:22 executing program 1: pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) dup2(r1, r0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c) r3 = dup2(r2, r2) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f0000000000)={r4}, 0x8) 05:30:22 executing program 5: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x2, &(0x7f0000000000), 0x14) 05:30:22 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect(r0, &(0x7f00000001c0)=@un=@file={0xa}, 0xa) 05:30:22 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000000), 0x4) 05:30:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:22 executing program 5: 05:30:22 executing program 1: 05:30:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000140), &(0x7f0000000000)=0xa0) [ 680.781890][T16672] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 680.833414][T16679] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:23 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c}, 0x1c) 05:30:23 executing program 5: r0 = socket(0x2, 0x5, 0x0) getsockname(r0, 0x0, &(0x7f0000000040)) 05:30:23 executing program 1: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) getsockopt$inet6_int(r0, 0x29, 0x27, 0x0, &(0x7f0000000200)) 05:30:25 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:25 executing program 0: 05:30:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:25 executing program 5: 05:30:25 executing program 4: 05:30:25 executing program 1: [ 683.284376][T16712] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:25 executing program 0: 05:30:25 executing program 1: 05:30:25 executing program 4: [ 683.383800][T16715] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:25 executing program 5: 05:30:25 executing program 1: 05:30:25 executing program 4: 05:30:28 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:28 executing program 0: 05:30:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:28 executing program 5: 05:30:28 executing program 4: 05:30:28 executing program 1: [ 686.405807][T16745] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 686.483501][T16752] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:28 executing program 5: 05:30:28 executing program 0: 05:30:28 executing program 1: 05:30:28 executing program 4: 05:30:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:28 executing program 5: [ 686.958452][T16766] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 687.042868][T16769] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:31 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:31 executing program 1: 05:30:31 executing program 0: 05:30:31 executing program 4: 05:30:31 executing program 5: 05:30:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 689.487728][T16790] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:31 executing program 0: [ 689.587058][T16794] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:31 executing program 4: 05:30:31 executing program 1: 05:30:31 executing program 5: 05:30:31 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}}, 0x24}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:32 executing program 0: 05:30:32 executing program 4: 05:30:32 executing program 1: 05:30:32 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x1f, &(0x7f0000000000), &(0x7f00000000c0)=0x4) [ 690.242190][T16817] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:32 executing program 0: [ 690.316940][T16823] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:32 executing program 1: 05:30:32 executing program 4: 05:30:32 executing program 5: 05:30:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}}, 0x24}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:32 executing program 0: [ 691.005742][T16837] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 691.087664][T16842] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:35 executing program 5: 05:30:35 executing program 1: 05:30:35 executing program 4: 05:30:35 executing program 0: 05:30:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}}, 0x24}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:35 executing program 4: [ 693.195954][T16861] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 693.292625][T16866] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:35 executing program 0: 05:30:35 executing program 1: 05:30:35 executing program 5: 05:30:35 executing program 4: 05:30:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x4}}]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 693.817548][T16881] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 693.853986][T16881] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:38 executing program 4: 05:30:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x4}}]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:38 executing program 1: 05:30:38 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:38 executing program 5: 05:30:38 executing program 0: [ 696.303908][T16903] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:38 executing program 4: [ 696.394642][T16908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:38 executing program 5: 05:30:38 executing program 0: 05:30:38 executing program 1: 05:30:38 executing program 4: 05:30:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x4}}]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 696.977524][T16924] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 697.043251][T16924] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:41 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:41 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz0\x00', 0x200002, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1608}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000580)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000460700004c0000000f75000000000000bf5400000000000007040000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecce5e7a9ce0a575a4f7952cb768637e60bd5d2e4b5992de991371274fdf535e001022e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0cc5bf6fec345ae9606c3c1a348f9b395592c1018e5e4b41b13000c94df1f2db24c67d4c7ba9ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8bef9aa55841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cf9e4e2d23f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397b96271700241094d272dd8b754b2dd36d44f9299c8fd1a7817450bc7921dd372e621dd447b86e7ffd1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446101c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250b7d00a6c8cf314fa8d37932055bb6bce4f618cad2375a34c7f15c3096f31e6aa6887864f62760ae35214552982bba84d92b1280251330dde4cf97b7cc6b2349e4f7a576c931941f787327fceb5091d9e347056003f7303d210fccd2efe6cda25b5aacc36db66ff83afbd40b15d569244dbfed73ab9ef37705f9d2734801899e248e1a7155e2ccfca30db4ac54080fce52263e3953a6f8560f8599df272602ca901b58a9e2dbf16dd0322d0bb3ceb1b0a002090c09ab606e91ad9d88e7205464594add8691b62d55127cd891b8abf038753c0aa220cdce78b9346adbd72b293e66ef1a04905935d7adb2bf9fb3c6f145472c58dbc8dbd8d0cde99df707000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0x20000000) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) keyctl$assume_authority(0x10, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008800}, 0x0) syz_genetlink_get_family_id$nl80211(0x0) syz_emit_ethernet(0x5e, &(0x7f0000000080)={@local, @random="7af1b08e24f7", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "03ce02", 0x28, 0x2c, 0x0, @local, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @loopback, @loopback}}}}}}, 0x0) 05:30:41 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000240)=0x79, 0x4) writev(r0, &(0x7f0000001380)=[{&(0x7f0000000000)="d2", 0x1}], 0x1) recvmmsg(r0, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) 05:30:41 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000080)={0x0, 0xff}) 05:30:41 executing program 4: syz_emit_ethernet(0x76, &(0x7f00000000c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x88, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 05:30:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 699.514951][T16954] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 699.573668][T16946] not chained 860000 origins [ 699.578577][T16946] CPU: 1 PID: 16946 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 699.587818][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.598054][T16946] Call Trace: [ 699.601611][T16946] dump_stack+0x1df/0x240 [ 699.605974][T16946] kmsan_internal_chain_origin+0x6f/0x130 [ 699.612084][T16946] ? kmsan_get_metadata+0x4f/0x180 [ 699.617226][T16946] ? kmsan_internal_check_memory+0xb1/0x3d0 [ 699.623155][T16946] ? __msan_poison_alloca+0xf0/0x120 [ 699.628786][T16946] ? kmsan_get_metadata+0x11d/0x180 [ 699.634109][T16946] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 699.639927][T16946] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 699.646116][T16946] ? kfree+0x61/0x30f0 [ 699.650292][T16946] ? kmsan_get_metadata+0x4f/0x180 [ 699.655601][T16946] ? kmsan_set_origin_checked+0x95/0xf0 [ 699.661379][T16946] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 699.668033][T16946] ? _copy_from_user+0x15b/0x260 [ 699.673180][T16946] ? kmsan_get_metadata+0x4f/0x180 [ 699.678702][T16946] __msan_chain_origin+0x50/0x90 [ 699.683931][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.688572][T16946] ? __msan_poison_alloca+0xf0/0x120 [ 699.694481][T16946] ? __se_sys_recvmmsg+0xac/0x350 [ 699.699903][T16946] ? __se_sys_recvmmsg+0xac/0x350 [ 699.705119][T16946] ? __prepare_exit_to_usermode+0x16c/0x4d0 [ 699.711025][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.715983][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 699.721193][T16946] do_syscall_64+0xb0/0x150 [ 699.725892][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.731790][T16946] RIP: 0033:0x45c1d9 [ 699.735679][T16946] Code: Bad RIP value. [ 699.739833][T16946] RSP: 002b:00007fe55972ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 699.748589][T16946] RAX: ffffffffffffffda RBX: 0000000000024b40 RCX: 000000000045c1d9 [ 699.756756][T16946] RDX: 040000000000049e RSI: 0000000020000300 RDI: 0000000000000003 [ 699.764735][T16946] RBP: 000000000078bf50 R08: 0000000000000000 R09: 0000000000000000 [ 699.773047][T16946] R10: 00001000000000fe R11: 0000000000000246 R12: 000000000078bf0c [ 699.781211][T16946] R13: 0000000000c9fb6f R14: 00007fe55972b9c0 R15: 000000000078bf0c [ 699.789302][T16946] Uninit was stored to memory at: [ 699.794511][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 699.800415][T16946] __msan_chain_origin+0x50/0x90 [ 699.805476][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.810119][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.815143][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 699.819996][T16946] do_syscall_64+0xb0/0x150 [ 699.824661][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.830547][T16946] [ 699.832874][T16946] Uninit was stored to memory at: [ 699.837897][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 699.843705][T16946] __msan_chain_origin+0x50/0x90 [ 699.849018][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.853617][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.859367][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 699.864479][T16946] do_syscall_64+0xb0/0x150 [ 699.868987][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.875503][T16946] [ 699.877838][T16946] Uninit was stored to memory at: [ 699.883157][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 699.889540][T16946] __msan_chain_origin+0x50/0x90 [ 699.894581][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.899318][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.904349][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 699.909709][T16946] do_syscall_64+0xb0/0x150 [ 699.914843][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.921487][T16946] [ 699.923902][T16946] Uninit was stored to memory at: [ 699.929181][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 699.934935][T16946] __msan_chain_origin+0x50/0x90 [ 699.941552][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.946803][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.951834][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 699.956691][T16946] do_syscall_64+0xb0/0x150 [ 699.961453][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 699.968421][T16946] [ 699.971190][T16946] Uninit was stored to memory at: [ 699.976391][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 699.982462][T16946] __msan_chain_origin+0x50/0x90 [ 699.987566][T16946] do_recvmmsg+0x105a/0x1ee0 [ 699.992247][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 699.998181][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 700.003973][T16946] do_syscall_64+0xb0/0x150 [ 700.008486][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 700.014793][T16946] [ 700.017543][T16946] Uninit was stored to memory at: [ 700.023562][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 700.029466][T16946] __msan_chain_origin+0x50/0x90 [ 700.034548][T16946] do_recvmmsg+0x105a/0x1ee0 [ 700.039230][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 700.044247][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 700.049409][T16946] do_syscall_64+0xb0/0x150 [ 700.054015][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 700.060150][T16946] [ 700.062487][T16946] Uninit was stored to memory at: [ 700.067606][T16946] kmsan_internal_chain_origin+0xad/0x130 [ 700.073330][T16946] __msan_chain_origin+0x50/0x90 [ 700.078446][T16946] do_recvmmsg+0x105a/0x1ee0 [ 700.083279][T16946] __se_sys_recvmmsg+0x1d1/0x350 [ 700.088393][T16946] __x64_sys_recvmmsg+0x62/0x80 [ 700.094048][T16946] do_syscall_64+0xb0/0x150 [ 700.098590][T16946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 700.104774][T16946] [ 700.107161][T16946] Local variable ----msg_sys@do_recvmmsg created at: [ 700.114320][T16946] do_recvmmsg+0xc5/0x1ee0 [ 700.118999][T16946] do_recvmmsg+0xc5/0x1ee0 05:30:42 executing program 5: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10ffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000280)="3e650f0d8c4c070f20c06635000001000f22c02e0f00100f143dba4100edba2100b001eeba4300b80f00ef0fc732b8bf0f8ee866b86e0000000f23c00f21f86635020006000f23f8", 0x48}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000100)={0x0, 0x80000000, 0x1}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa0071, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TCGETX(0xffffffffffffffff, 0x5432, 0x0) pipe(&(0x7f00000000c0)) pipe(&(0x7f0000000300)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) 05:30:42 executing program 0: sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000080)=0xc) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 700.155749][T16970] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:42 executing program 4: r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8922, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) [ 700.449028][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000040 05:30:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 700.538775][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000058 [ 700.623885][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000069 05:30:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4040ae9e, &(0x7f0000000380)={"01a0e43f7b78288aceb27138251f841b2d07bad22dfa6d0ff0476f0cc9d0d4bba90d43ab66415cbacba7de89ca203a4bb4e1509f20db041424110214e7b5602621e6e0a1e04e6e8a9f44d22945b5e002f9f3c9ff397c588841bf161c3b634808905a8615a1cf2c451dac143266bb4558a1b4e2a44321b1cdeb4f4670b0e90711569c5f1ad6265ae9d8bfe7bf01efccd4a2df8beb0699b7513bb2c933328e92e63cb0ab62948e5aba142509ed8dedde95b1735dbf671bd50ddce94236dc828b992c905c413a159573de26894c1b9e927e6142fb23731c9522cc0c15797534c69e6292f9bbc77a6d97ee1d8ef4f07de17ece7304414ded690e20b1d092c30399b86f878f60294aa6bd72c634b7dfb68b52638608bb4ef448f9a7470cfeddc06eecee84d105220ddcb5e5faa8b0c7a392ed99aa70994d596713e4efd5316d80f4008863de66476823c440a98901273ef33614bf6e719ea0053d86024c16fdd4a2e997601112114f1a397485a379a1a48576f990b10c0f862aeb19105fad5376adffa0aba70120e9f329ba61388eeb0f711bb7b558c4c8f598688bd9889d44423eb8495f772638f8b3f0828c81221b558f758136bd6ee4b0a0ba42cb6fb5626f80a7ffe263b72b8867a4a25c0a2b6db21b442ae52b710e0024e62267d30a1662d6089221d72fea9d76b4ebe4be663c71f04d872a9c7db18c99a67f736647e2691570e9cd4f8e96a88e542194fb84255e71a90deee6cc21b2d8286274d7b4224575f9aedc5b676b15e7cbf595c71857f95f97966de0bb7e58c84358e7746e9cd0d0a3a0afb779c8af814b67fe35d0a4fabf698fbe1033da70786d9963efaad98b6cf5d7f8feeae9c62bd4eff83b713681f0cff051333e0c7f5e0b80e4916d49755f2f833d3b184d6c40f693f89929cd8dc162e0f14ac8dd24fd183abd7620444c36920197563912368037ad5e02ce52254437ac125eb1a39080f5b099a8bd85645e1fd0074b5e3d10f5be6757fdd570a7c7215ce287a6d9dc5552f3e8cdbb1475c472e18900029768eafda60a27d5f9e33679e81e0dddc9a2efb166b418f1f5cf582cfe338c310b0b46adcc8961f335c1fec7e3468cb7aa6bb66b3e64cbd706b1f89e3a6a2f20e2b625b74eecc0f353b5c4d73ba900ce830038b4d70a0f3d4d1e98c1298f28a736ebefb661e6db64eb7e4f9f17a5f1046632bda2fd3890f8d33eb22ff11e1f397e802dea33cd1bce6165ddd07cdfb44ddf31c0d21cfbf61832a56edf54c256564be934440629955910dc63f8d9f4d78872b47f25e5682a06aac18e49c5bf57923000e83ec2c4be9e5f38824a517009f5d918730739fa74ffa2f50edb98bd257000bdcaf57a541349620bda57af82135be568fc0ecec604514c1da768cc03e4a790cc0510b42c77b9ca86907b27394ec8f72fd175d72ea76c17379c7f"}) [ 700.724548][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000064 [ 700.795170][T16992] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 700.845782][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000086 [ 700.856942][T17000] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 700.904378][T16981] kvm [16980]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000003a 05:30:43 executing program 4: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r1 = open(&(0x7f0000000400)='./bus\x00', 0x1145042, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x208200) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffa) 05:30:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:44 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x1, 0x7, 0xbc, 0x1f, 0x0, 0x7, 0x600, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x66b80, 0x7, 0xffffffff, 0x7, 0x401, 0x9, 0x400}, r2, 0x8, r1, 0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x2, 0x0) dup2(r3, r4) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r4, r5, &(0x7f0000000040)=0x101f00, 0x8001) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x800008, 0x10, r1, 0x39bbf000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7, 0xe1, 0x0, 0x1, 0x0, 0xe5, 0x1201, 0x9, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x401, 0x3f}, 0x1, 0x4520, 0x4, 0x3, 0x4, 0x1ff, 0xfff9}, r2, 0x1, r5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0xfc, 0x0, 0x2, 0x2, 0x0, 0x7, 0x7, 0x0, 0x0, 0xfc], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r8}) 05:30:44 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x1, 0x7, 0xbc, 0x1f, 0x0, 0x7, 0x600, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x66b80, 0x7, 0xffffffff, 0x7, 0x401, 0x9, 0x400}, r2, 0x8, r1, 0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x2, 0x0) dup2(r3, r4) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r4, r5, &(0x7f0000000040)=0x101f00, 0x8001) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x800008, 0x10, r1, 0x39bbf000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7, 0xe1, 0x0, 0x1, 0x0, 0xe5, 0x1201, 0x9, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x401, 0x3f}, 0x1, 0x4520, 0x4, 0x3, 0x4, 0x1ff, 0xfff9}, r2, 0x1, r5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x7, 0x7, 0x0, 0x8], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r8}) 05:30:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:44 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:44 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/config\x00') r1 = socket$vsock_stream(0x28, 0x1, 0x0) sendfile(r1, r0, &(0x7f0000000040)=0x80008, 0x8) [ 702.114580][T17032] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 702.179389][T17032] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:44 executing program 5: r0 = getpid() ioctl$VFIO_CHECK_EXTENSION(0xffffffffffffffff, 0x3b65, 0x0) sched_setscheduler(r0, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 05:30:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4008ae8a, &(0x7f0000000380)={"01a0e43f7b78288aceb27138251f841b2d07bad22dfa6d0ff0476f0cc9d0d4bba90d43ab66415cbacba7de89ca203a4bb4e1509f20db041424110214e7b5602621e6e0a1e04e6e8a9f44d22945b5e002f9f3c9ff397c588841bf161c3b634808905a8615a1cf2c451dac143266bb4558a1b4e2a44321b1cdeb4f4670b0e90711569c5f1ad6265ae9d8bfe7bf01efccd4a2df8beb0699b7513bb2c933328e92e63cb0ab62948e5aba142509ed8dedde95b1735dbf671bd50ddce94236dc828b992c905c413a159573de26894c1b9e927e6142fb23731c9522cc0c15797534c69e6292f9bbc77a6d97ee1d8ef4f07de17ece7304414ded690e20b1d092c30399b86f878f60294aa6bd72c634b7dfb68b52638608bb4ef448f9a7470cfeddc06eecee84d105220ddcb5e5faa8b0c7a392ed99aa70994d596713e4efd5316d80f4008863de66476823c440a98901273ef33614bf6e719ea0053d86024c16fdd4a2e997601112114f1a397485a379a1a48576f990b10c0f862aeb19105fad5376adffa0aba70120e9f329ba61388eeb0f711bb7b558c4c8f598688bd9889d44423eb8495f772638f8b3f0828c81221b558f758136bd6ee4b0a0ba42cb6fb5626f80a7ffe263b72b8867a4a25c0a2b6db21b442ae52b710e0024e62267d30a1662d6089221d72fea9d76b4ebe4be663c71f04d872a9c7db18c99a67f736647e2691570e9cd4f8e96a88e542194fb84255e71a90deee6cc21b2d8286274d7b4224575f9aedc5b676b15e7cbf595c71857f95f97966de0bb7e58c84358e7746e9cd0d0a3a0afb779c8af814b67fe35d0a4fabf698fbe1033da70786d9963efaad98b6cf5d7f8feeae9c62bd4eff83b713681f0cff051333e0c7f5e0b80e4916d49755f2f833d3b184d6c40f693f89929cd8dc162e0f14ac8dd24fd183abd7620444c36920197563912368037ad5e02ce52254437ac125eb1a39080f5b099a8bd85645e1fd0074b5e3d10f5be6757fdd570a7c7215ce287a6d9dc5552f3e8cdbb1475c472e18900029768eafda60a27d5f9e33679e81e0dddc9a2efb166b418f1f5cf582cfe338c310b0b46adcc8961f335c1fec7e3468cb7aa6bb66b3e64cbd706b1f89e3a6a2f20e2b625b74eecc0f353b5c4d73ba900ce830038b4d70a0f3d4d1e98c1298f28a736ebefb661e6db64eb7e4f9f17a5f1046632bda2fd3890f8d33eb22ff11e1f397e802dea33cd1bce6165ddd07cdfb44ddf31c0d21cfbf61832a56edf54c256564be934440629955910dc63f8d9f4d78872b47f25e5682a06aac18e49c5bf57923000e83ec2c4be9e5f38824a517009f5d918730739fa74ffa2f50edb98bd257000bdcaf57a541349620bda57af82135be568fc0ecec604514c1da768cc03e4a790cc0510b42c77b9ca86907b27394ec8f72fd175d72ea76c17379c7f"}) 05:30:44 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') sendfile(r0, r1, &(0x7f0000000040)=0x101f00, 0x8001) 05:30:44 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) [ 702.834384][T17068] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 702.912539][T17080] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) [ 704.338749][ T0] NOHZ: local_softirq_pending 08 05:30:47 executing program 0: r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000140)={'sit0\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}) 05:30:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:47 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x1, 0x7, 0xbc, 0x1f, 0x0, 0x7, 0x600, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x66b80, 0x7, 0xffffffff, 0x7, 0x401, 0x9, 0x400}, r2, 0x8, r1, 0x9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x2, 0x0) dup2(r3, r4) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r4, r5, &(0x7f0000000040)=0x101f00, 0x8001) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x800008, 0x10, r1, 0x39bbf000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7, 0xe1, 0x0, 0x1, 0x0, 0xe5, 0x1201, 0x9, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x401, 0x3f}, 0x1, 0x4520, 0x4, 0x3, 0x4, 0x1ff, 0xfff9}, r2, 0x1, r5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890c, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0xb, 0x2, 0x2, 0x0, 0x7], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r8}) 05:30:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:47 executing program 5: syz_open_procfs(0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) listen(0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0xc, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040), 0x10) sendfile(r1, r0, 0x0, 0x8003) [ 705.057207][T17105] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 705.133740][T17116] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:47 executing program 0: ptrace(0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000600)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000000ef2d30ed9e9ae396fcc43020ed7dbc3b7c3fd06c3aed8a89b7085bd01433b0360341925d090efe0d2369c59c71aad05c6d0fe532bfa0abfab9686ba2050c64ef17096431429b00c92d1c105cab83a91537753b06f81a7a2ced6159b8161e81fbe6e51068017de70b90825cdc4dae5c5c807bd49093fb976ec196e2b721e03ae0105bedab2ec3328435ed198f80b82c02d9974adee7743c3924534a1ce29c10751eed6d9c5aeea67b4750af60eff7e99bf4f4f51aafa96b4cb76cc03b49d172cf77ae0cc07331e4e09bdf16e7865ec2bcff59f24a97e1fc2d7d91a591947d04e5c3d43f6a1c7d6b88ea19ce81fd3609ee714a1155a58d7652f03d6f12b9d2ffd9b1ea7e860f35856ad54c182c773174e31f613b179b9c2fa209dce42d02aad101f217eb332b44083b18b4844ec26135ffceb563529aed06a9c0015d1d84c096eb9ea4d1a572f110d0c8a85cddfc07c24dd107d86982feec979db5209c7256d7827820f5c8b17f19b5b2d118c406b4e8368b2d29eb98a00f100e7b196360be847201c080000007f81459fbb22a4964c98812047248cf6802788b2b3f4bf6cf42e276476332d96c63d290ee4e59bde664c5becf971e9214f6bce3513789a7e75ce51bf797e106c76ca85abdbec1c0eaa5659238b14c5c23146321c6b604d4ce89ce87fcf8b647de74241c116f6ae2ec5ad87c8f31a4a4bf60341198ebcdb9c20c3b68ebf7d856eea12e0545c5f545e8814d2f6b0206713649947fa4059e040e1f2fc59df8dcad8abfbe08952b6eaeef47e17065c3000341fa87d695c6c9b058372b554b3ec77248a7846fee2266f30ac7d200f0fe23651b053d17c36827c894b80912af524ece4a7d8df41050f35a9f48b6dd350a5953b0a0d5d5b4242288f1f96fcc2ea8ad68903925492565b85abf9952355d9a228092c8064903852af9c606bbfbccc4ba50ad3c1121b27af5b9b4421efe029c56ed54a312adb9653a490bdd2b44e38a12235d7eb6adfd6f2e7e8539fcae286fdd106f925450e131d0dd7323cda7af3ada8767d530ac53080d5a44f1dada62c4e49c9978f01800000044352f0bd92180d1e2838ca165fdddf6136babab1d4aa2af869432f97e18c1d000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x18000000000002e0, 0xe, 0x80000, &(0x7f0000000280)="b95b03b700030005439e40f088a8", 0x0, 0x1a4, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) 05:30:47 executing program 5: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) clone(0x2900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1608}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000580)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150600000fff07003506000043fe0000070600000ee60000bf050000000000001f650000000000006507000002000000460700004c0000000f75000000000000bf5400000000000007040000f0fff8ffad430100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecce5e7a9ce0a575a4f7952cb768637e60bd5d2e4b5992de991371274fdf535e001022e25659a7c85615c1b88bc894123cfe2314e887efecdcb7381ef4932cb0dcebea6d90e9c1677fbefd35893d883a2c559b7a34db461b1974af360eace66cec40d92706d0cc5bf6fec345ae9606c3c1a348f9b395592c1018e5e4b41b13000c94df1f2db24c67d4c7ba9ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e3a3412086dee84efd375f0645f3301f55d3b9efdfbed9b430bcf04060000bdff1c8bcfc0c229874bc3d2418bab997c8bef9aa55841caa572ddff9220c67c9e17bee524c3dc747445763ecb0a7c2cd12bc34b0fc0271124cf9e4e2d23f7062351edf77c71294bbfd85878726c49eb89085967722da6cb884d1afe82f7f722e38397b96271700241094d272dd8b754b2dd36d44f9299c8fd1a7817450bc7921dd372e621dd447b86e7ffd1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830db4713e5ce6cac6a27e29f171b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b134dfc948f6015e0389d7f34cb9c02cf517c8ed7a9b6159c1446101c2ccff2bde95aa860ed9b836d6b8fcab7663d9bd8415e6f90fdb007b8f3e078e3a638c4fdb8562eb85173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a90002d9cf81bcb1d262845762f6b0a2840f7b25895cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250b7d00a6c8cf314fa8d37932055bb6bce4f618cad2375a34c7f15c3096f31e6aa6887864f62760ae35214552982bba84d92b1280251330dde4cf97b7cc6b2349e4f7a576c931941f787327fceb5091d9e347056003f7303d210fccd2efe6cda25b5aacc36db66ff83afbd40b15d569244dbfed73ab9ef37705f9d2734801899e248e1a7155e2ccfca30db4ac54080fce52263e3953a6f8560f8599df272602ca901b58a9e2dbf16dd0322d0bb3ceb1b0a002090c09ab606e91ad9d88e7205464594add8691b62d55127cd891b8abf038753c0aa220cdce78b9346adbd72b293e66ef1a04905935d7adb2bf9fb3c6f145472c58dbc8dbd8d0cde99df707000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) exit(0xe60e) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) keyctl$assume_authority(0x10, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r1 = dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x6, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@alu={0x4, 0x0, 0x2, 0x5, 0x0, 0x2}, @exit, @ldst={0x0, 0x0, 0x4, 0x6, 0x0, 0x100, 0x10}]}, &(0x7f0000000440)='syzkaller\x00', 0x6, 0xc6, &(0x7f0000000700)=""/198, 0x41100, 0x2, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x5}, 0x8, 0x10, &(0x7f00000004c0)={0x2, 0xd, 0x5, 0x10000}, 0x10, 0x0, r1}, 0x74) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000200), 0x8) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008800}, 0x0) syz_genetlink_get_family_id$nl80211(0x0) syz_emit_ethernet(0x25, &(0x7f0000000080)={@local, @random="7af1b08e24f7", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "03ce02", 0x30, 0x2c, 0x0, @local, @mcast2, {[@dstopts], @ndisc_redir={0x89, 0x0, 0x0, [], @loopback, @loopback}}}}}}, 0x0) 05:30:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000600)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000000ef2d30ed9e9ae396fcc43020ed7dbc3b7c3fd06c3aed8a89b7085bd01433b0360341925d090efe0d2369c59c71aad05c6d0fe532bfa0abfab9686ba2050c64ef17096431429b00c92d1c105cab83a91537753b06f81a7a2ced6159b8161e81fbe6e51068017de70b90825cdc4dae5c5c807bd49093fb976ec196e2b721e03ae0105bedab2ec3328435ed198f80b82c02d9974adee7743c3924534a1ce29c10751eed6d9c5aeea67b4750af60eff7e99bf4f4f51aafa96b4cb76cc03b49d172cf77ae0cc07331e4e09bdf16e7865ec2bcff59f24a97e1fc2d7d91a591947d04e5c3d43f6a1c7d6b88ea19ce81fd3609ee714a1155a58d7652f03d6f12b9d2ffd9b1ea7e860f35856ad54c182c773174e31f613b179b9c2fa209dce42d02aad101f217eb332b44083b18b4844ec26135ffceb563529aed06a9c0015d1d84c096eb9ea4d1a572f110d0c8a85cddfc07c24dd107d86982feec979db5209c7256d7827820f5c8b17f19b5b2d118c406b4e8368b2d29eb98a00f100e7b196360be847201c080000007f81459fbb22a4964c98812047248cf6802788b2b3f4bf6cf42e276476332d96c63d290ee4e59bde664c5becf971e9214f6bce3513789a7e75ce51bf797e106c76ca85abdbec1c0eaa5659238b14c5c23146321c6b604d4ce89ce87fcf8b647de74241c116f6ae2ec5ad87c8f31a4a4bf60341198ebcdb9c20c3b68ebf7d856eea12e0545c5f545e8814d2f6b0206713649947fa4059e040e1f2fc59df8dcad8abfbe08952b6eaeef47e17065c3000341fa87d695c6c9b058372b554b3ec77248a7846fee2266f30ac7d200f0fe23651b053d17c36827c894b80912af524ece4a7d8df41050f35a9f48b6dd350a5953b0a0d5d5b4242288f1f96fcc2ea8ad68903925492565b85abf9952355d9a228092c8064903852af9c606bbfbccc4ba50ad3c1121b27af5b9b4421efe029c56ed54a312adb9653a490bdd2b44e38a12235d7eb6adfd6f2e7e8539fcae286fdd106f925450e131d0dd7323cda7af3ada8767d530ac53080d5a44f1dada62c4e49c9978f01800000044352f0bd92180d1e2838ca165fdddf6136babab1d4aa2af869432f97e18c1d000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x18000000000002e0, 0xe, 0x80000, &(0x7f0000000280)="b95b03b700030005439e40f088a8", 0x0, 0x1a4, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) 05:30:47 executing program 5: r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f0, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) [ 705.585460][T17143] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:47 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10ffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000280)="3e650f0d8c4c070f20c06635000001000f22c02e0f00100f143dba4100edba2100b001eeba4300b80f00ef0fc732b8bf0f8ee866b86e0000000f23c00f21f86635020006000f23f8", 0x48}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000140)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0071, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TCGETX(0xffffffffffffffff, 0x5432, 0x0) pipe(&(0x7f00000000c0)) pipe(0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) [ 705.667903][T17146] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:50 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:50 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') sendfile(r0, r1, &(0x7f0000000040)=0x676, 0x8001) 05:30:50 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') r1 = socket$vsock_stream(0x28, 0x1, 0x0) sendfile(r1, r0, &(0x7f0000000040)=0x8, 0x8001) 05:30:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 05:30:50 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x1, 0x7, 0xbc, 0x1f, 0x0, 0x7, 0x600, 0xe, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000040), 0x5}, 0x66b80, 0x7, 0xffffffff, 0x7, 0x401, 0x9, 0x400}, r2, 0x8, r1, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x2, 0x0) dup2(r3, r4) sendfile(r4, 0xffffffffffffffff, &(0x7f0000000040)=0x101f00, 0x8001) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x800008, 0x10, r1, 0x39bbf000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7, 0xe1, 0x0, 0x1, 0x0, 0xe5, 0x1201, 0x9, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x401, 0x3f}, 0x1, 0x4520, 0x4, 0x3, 0x4, 0x1ff, 0xfff9}, r2, 0x1, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xa) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @ipv4={[0x0, 0x0, 0x8], [], @multicast1}, @initdev={0xfe, 0x88, [0x0, 0x0, 0x0, 0x2, 0x2, 0xfc, 0x7, 0x7], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24c20082, r7}) [ 708.281025][T17185] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:50 executing program 5: r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000380)={'ip6_vti0\x00', 0x0}) [ 708.359472][T17194] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='reno\x00', 0x5) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:50 executing program 1: open(&(0x7f0000000100)='./file0\x00', 0x68042, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$KIOCSOUND(r0, 0x402c5828, 0x8153ffe) 05:30:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000340)='\x00\x00\x00\x00\x00\x00z\x9b\xb0\xe8t%\xfc\x96L\x82\xdb', 0x0) write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba00281213bd5d74dafc20380003"], 0x3c) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 05:30:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 708.899066][T17217] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 708.946374][T17217] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:53 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea", 0xe}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 05:30:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) exit(0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:30:53 executing program 1: r0 = socket$inet6(0xa, 0x401000000001, 0x0) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r1 = open(&(0x7f0000000400)='./bus\x00', 0x1145042, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)) fcntl$notify(r2, 0x402, 0xb1c661d398500c73) fcntl$setownex(r2, 0xf, &(0x7f0000000240)) pread64(0xffffffffffffffff, 0x0, 0x0, 0x9) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r3, 0x208200) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffa) 05:30:53 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x8, 0x3fe, 0xc}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000001c0), &(0x7f00000000c0), 0x1081, r0}, 0x38) 05:30:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) 05:30:53 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xf}}, [@filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) [ 711.466418][T17249] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000300)="f685a288c84ec47e44864a1ae8659eb07e2f", 0x12}, {&(0x7f0000000140)="cfd063443cdc8585517304d96a713e7fb6273277543dd8cc3f1f2506e70e28180a2d2cf93495d7ef3a25d4b8a05b98a627ae8e98ed6f0fa2c78dd9ce1b9ef81f7c9274c78b728e5032c69cf8ebe9d42dd43d2f19d09e91a71f81c3b192d96cc627241b95ec8fbb6c71f603e0d07fcb5a6e07585208dd2ac721d2fdab2c29411f66ec7cca1e1760a2d6ca8af4ec79cae5c78430ea32a266856c8260e4de581475abdd2153aa8fea34789320ee2514903088dfd546a136d4", 0xb7}], 0x2}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) [ 711.554568][T17256] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 05:30:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000011ec2cb90000000000f4000085000000200000009500000000000000001c1353067283d30812db8ae56a64c05f948fb0c8d95fd844fb74618e86c9b75154a88729b5fdb4b4fb08502afc1adc90b190e0bcc231d565ce7643f5b838cbca20682aa4667700b2fe0ce80000000000001ec192b8b449451682204c84e7ec1c2d73f9b542c76cb5cf6ef9d85f47f8ed7c0c55c6a68373cac0de8dd07d3b5866"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0x4f, &(0x7f0000000100)="7f3d5e7a9e3efa339e3c7b7f07d2", 0x0, 0x409}, 0x28) 05:30:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') r1 = socket$nl_audit(0x10, 0x3, 0x9) sendfile(r1, r0, &(0x7f0000000040)=0x5, 0x8001) [ 711.902129][T17270] ===================================================== [ 711.909137][T17270] BUG: KMSAN: uninit-value in audit_receive+0x186f/0x6d30 [ 711.916265][T17270] CPU: 1 PID: 17270 Comm: syz-executor.5 Not tainted 5.8.0-rc5-syzkaller #0 [ 711.924945][T17270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.935010][T17270] Call Trace: [ 711.938316][T17270] dump_stack+0x1df/0x240 [ 711.942662][T17270] kmsan_report+0xf7/0x1e0 [ 711.947083][T17270] __msan_warning+0x58/0xa0 [ 711.951587][T17270] audit_receive+0x186f/0x6d30 [ 711.956351][T17270] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 711.962432][T17270] ? netlink_deliver_tap+0xdb5/0xe90 [ 711.967737][T17270] ? kmsan_set_origin_checked+0x95/0xf0 [ 711.973362][T17270] ? kmsan_get_metadata+0x11d/0x180 [ 711.978553][T17270] netlink_unicast+0xf9e/0x1100 [ 711.983413][T17270] ? audit_net_exit+0xd0/0xd0 [ 711.988090][T17270] netlink_sendmsg+0x1246/0x14d0 [ 711.993204][T17270] ? netlink_getsockopt+0x1440/0x1440 [ 711.998562][T17270] kernel_sendmsg+0x433/0x440 [ 712.003259][T17270] sock_no_sendpage+0x235/0x300 [ 712.008239][T17270] ? sock_no_mmap+0x30/0x30 [ 712.012761][T17270] sock_sendpage+0x1e1/0x2c0 [ 712.017352][T17270] pipe_to_sendpage+0x38c/0x4c0 [ 712.022194][T17270] ? sock_fasync+0x250/0x250 [ 712.026929][T17270] __splice_from_pipe+0x565/0xf00 [ 712.031981][T17270] ? generic_splice_sendpage+0x2d0/0x2d0 [ 712.037624][T17270] generic_splice_sendpage+0x1d5/0x2d0 [ 712.043089][T17270] ? iter_file_splice_write+0x1800/0x1800 [ 712.048802][T17270] direct_splice_actor+0x1fd/0x580 [ 712.054104][T17270] ? kmsan_get_metadata+0x4f/0x180 [ 712.059237][T17270] splice_direct_to_actor+0x6b2/0xf50 [ 712.064609][T17270] ? do_splice_direct+0x580/0x580 [ 712.069645][T17270] do_splice_direct+0x342/0x580 [ 712.074532][T17270] do_sendfile+0x101b/0x1d40 [ 712.079267][T17270] ? kmsan_get_metadata+0x4f/0x180 [ 712.084423][T17270] __se_sys_sendfile64+0x174/0x360 [ 712.089544][T17270] __x64_sys_sendfile64+0x56/0x70 [ 712.094566][T17270] do_syscall_64+0xb0/0x150 [ 712.099070][T17270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 712.104948][T17270] RIP: 0033:0x45c1d9 [ 712.108823][T17270] Code: Bad RIP value. [ 712.113028][T17270] RSP: 002b:00007fd04b9a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 712.121447][T17270] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 712.129618][T17270] RDX: 0000000020000040 RSI: 0000000000000003 RDI: 0000000000000004 [ 712.137582][T17270] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 712.145548][T17270] R10: 0000000000008001 R11: 0000000000000246 R12: 000000000078bf0c [ 712.153504][T17270] R13: 0000000000c9fb6f R14: 00007fd04b9a89c0 R15: 000000000078bf0c [ 712.161473][T17270] [ 712.163783][T17270] Uninit was stored to memory at: [ 712.168804][T17270] kmsan_internal_chain_origin+0xad/0x130 [ 712.174514][T17270] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 712.180487][T17270] kmsan_memcpy_metadata+0xb/0x10 [ 712.185494][T17270] __msan_memcpy+0x43/0x50 [ 712.189897][T17270] _copy_from_iter_full+0xbfe/0x13b0 [ 712.195175][T17270] netlink_sendmsg+0xfaa/0x14d0 [ 712.200011][T17270] kernel_sendmsg+0x433/0x440 [ 712.204672][T17270] sock_no_sendpage+0x235/0x300 [ 712.209508][T17270] sock_sendpage+0x1e1/0x2c0 [ 712.214083][T17270] pipe_to_sendpage+0x38c/0x4c0 [ 712.218926][T17270] __splice_from_pipe+0x565/0xf00 [ 712.224022][T17270] generic_splice_sendpage+0x1d5/0x2d0 [ 712.229469][T17270] direct_splice_actor+0x1fd/0x580 [ 712.234567][T17270] splice_direct_to_actor+0x6b2/0xf50 [ 712.239923][T17270] do_splice_direct+0x342/0x580 [ 712.244757][T17270] do_sendfile+0x101b/0x1d40 [ 712.249343][T17270] __se_sys_sendfile64+0x174/0x360 [ 712.254448][T17270] __x64_sys_sendfile64+0x56/0x70 [ 712.264505][T17270] do_syscall_64+0xb0/0x150 [ 712.269005][T17270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 712.274963][T17270] [ 712.277293][T17270] Uninit was created at: [ 712.281525][T17270] kmsan_save_stack_with_flags+0x3c/0x90 [ 712.287147][T17270] kmsan_alloc_page+0xb9/0x180 [ 712.291894][T17270] __alloc_pages_nodemask+0x56a2/0x5dc0 [ 712.297425][T17270] alloc_pages_current+0x672/0x990 [ 712.302522][T17270] push_pipe+0x605/0xb70 [ 712.306747][T17270] iov_iter_get_pages_alloc+0x18a9/0x21c0 [ 712.312451][T17270] do_splice_to+0x4fc/0x14f0 [ 712.317028][T17270] splice_direct_to_actor+0x45c/0xf50 [ 712.322384][T17270] do_splice_direct+0x342/0x580 [ 712.327653][T17270] do_sendfile+0x101b/0x1d40 [ 712.332228][T17270] __se_sys_sendfile64+0x174/0x360 [ 712.337319][T17270] __x64_sys_sendfile64+0x56/0x70 [ 712.342329][T17270] do_syscall_64+0xb0/0x150 [ 712.346821][T17270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 712.352693][T17270] ===================================================== [ 712.359690][T17270] Disabling lock debugging due to kernel taint [ 712.365824][T17270] Kernel panic - not syncing: panic_on_warn set ... [ 712.372496][T17270] CPU: 1 PID: 17270 Comm: syz-executor.5 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 712.383319][T17270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.393530][T17270] Call Trace: [ 712.396830][T17270] dump_stack+0x1df/0x240 [ 712.401154][T17270] panic+0x3d5/0xc3e [ 712.405052][T17270] kmsan_report+0x1df/0x1e0 [ 712.409640][T17270] __msan_warning+0x58/0xa0 [ 712.414482][T17270] audit_receive+0x186f/0x6d30 [ 712.419270][T17270] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 712.425338][T17270] ? netlink_deliver_tap+0xdb5/0xe90 [ 712.430627][T17270] ? kmsan_set_origin_checked+0x95/0xf0 [ 712.436186][T17270] ? kmsan_get_metadata+0x11d/0x180 [ 712.441484][T17270] netlink_unicast+0xf9e/0x1100 [ 712.446342][T17270] ? audit_net_exit+0xd0/0xd0 [ 712.451201][T17270] netlink_sendmsg+0x1246/0x14d0 [ 712.456146][T17270] ? netlink_getsockopt+0x1440/0x1440 [ 712.461570][T17270] kernel_sendmsg+0x433/0x440 [ 712.466258][T17270] sock_no_sendpage+0x235/0x300 [ 712.471106][T17270] ? sock_no_mmap+0x30/0x30 [ 712.475792][T17270] sock_sendpage+0x1e1/0x2c0 [ 712.480386][T17270] pipe_to_sendpage+0x38c/0x4c0 [ 712.485240][T17270] ? sock_fasync+0x250/0x250 [ 712.489834][T17270] __splice_from_pipe+0x565/0xf00 [ 712.494941][T17270] ? generic_splice_sendpage+0x2d0/0x2d0 [ 712.500586][T17270] generic_splice_sendpage+0x1d5/0x2d0 [ 712.506041][T17270] ? iter_file_splice_write+0x1800/0x1800 [ 712.511768][T17270] direct_splice_actor+0x1fd/0x580 [ 712.516963][T17270] ? kmsan_get_metadata+0x4f/0x180 [ 712.522499][T17270] splice_direct_to_actor+0x6b2/0xf50 [ 712.527857][T17270] ? do_splice_direct+0x580/0x580 [ 712.532908][T17270] do_splice_direct+0x342/0x580 [ 712.537920][T17270] do_sendfile+0x101b/0x1d40 [ 712.542524][T17270] ? kmsan_get_metadata+0x4f/0x180 [ 712.547655][T17270] __se_sys_sendfile64+0x174/0x360 [ 712.552774][T17270] __x64_sys_sendfile64+0x56/0x70 [ 712.557794][T17270] do_syscall_64+0xb0/0x150 [ 712.562305][T17270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 712.568198][T17270] RIP: 0033:0x45c1d9 [ 712.572080][T17270] Code: Bad RIP value. [ 712.576135][T17270] RSP: 002b:00007fd04b9a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 712.584540][T17270] RAX: ffffffffffffffda RBX: 0000000000025a00 RCX: 000000000045c1d9 [ 712.592498][T17270] RDX: 0000000020000040 RSI: 0000000000000003 RDI: 0000000000000004 [ 712.600480][T17270] RBP: 000000000078bf48 R08: 0000000000000000 R09: 0000000000000000 [ 712.608436][T17270] R10: 0000000000008001 R11: 0000000000000246 R12: 000000000078bf0c [ 712.616410][T17270] R13: 0000000000c9fb6f R14: 00007fd04b9a89c0 R15: 000000000078bf0c [ 712.626019][T17270] Kernel Offset: 0x7c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 712.637679][T17270] Rebooting in 86400 seconds..