Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts. 2018/11/19 07:48:46 fuzzer started 2018/11/19 07:48:51 dialing manager at 10.128.0.26:38057 2018/11/19 07:48:51 syscalls: 1 2018/11/19 07:48:51 code coverage: enabled 2018/11/19 07:48:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/19 07:48:51 setuid sandbox: enabled 2018/11/19 07:48:51 namespace sandbox: enabled 2018/11/19 07:48:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/19 07:48:51 fault injection: enabled 2018/11/19 07:48:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/19 07:48:51 net packed injection: enabled 2018/11/19 07:48:51 net device setup: enabled 07:52:01 executing program 0: r0 = memfd_create(&(0x7f0000000340)="95ce769ace2849a3b2baa0e1987e371c660b10e2ae819369892409d2df9e3b0b6cc64518f630dce7540ad9fc648a1f6646d37927ea4c3d532952aa03036ba0c63e36f15d233d5a63aeecdf8ae1fee0ad9aaa41169f3527452dc54fa3f0e7d7bd00fde7a076d5374c1776d5aae65f66952d2d774aa3bef178d0a76e61c67c6d68b0d650793b3eeb718e3b9868cee27bed2323a9039738e9da26af33ae1d0d9b04b6bca9e589df04963d0e4f78246b6392a3c9bb324429ade4bf73c7d3391a2d570f4c3bf4ff7b0099124924ddf370ddad175cabb5075240fcd128b39c60e05cfc312aff05c6f6e29cab21766bace8357e35c007f244b326e4fcd61e1ad82aa907d62048f49d5636785433ff7c976cd1857ffcc0dfbf873209689754f9de8de8e581f4a4eb6f1953d3c7aa25bd49512ff40534", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, "7175657565310000000000000000000000000000000000000000cd00"}) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="07010000060000ea3402f8258400000004000000001af4009d030000"], 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xaf}) syzkaller login: [ 273.458376] IPVS: ftp: loaded support on port[0] = 21 [ 275.961168] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.967764] 
bridge0: port 1(bridge_slave_0) entered disabled state [ 275.976766] device bridge_slave_0 entered promiscuous mode [ 276.181742] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.188227] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.197029] device bridge_slave_1 entered promiscuous mode [ 276.336572] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 276.475505] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 276.897189] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 277.038111] bond0: Enslaving bond_slave_1 as an active interface with an up link 07:52:06 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c) r1 = socket(0xa, 0x3, 0x1000000000ff) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x2c, @loopback, 0x0, 0x0, 'ovf\x00'}, 0x2c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000002c0)='ip6tnl0\x00', 0x10) sendto$unix(r1, &(0x7f0000000000), 0x5a4, 0x0, &(0x7f0000000080)=@abs, 0x6e) [ 277.414681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 277.421973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 277.880586] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 277.888865] team0: Port device team_slave_0 added [ 277.962914] IPVS: ftp: loaded support on port[0] = 21 [ 278.162553] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 278.170626] team0: Port device team_slave_1 added [ 278.438022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 278.445281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 278.454210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 278.678040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 278.685284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 278.694273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 278.861339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 278.869159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 278.878592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 279.019374] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 279.027147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 279.036676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 281.576562] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.583241] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.591913] device bridge_slave_0 entered promiscuous mode [ 281.623265] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.629763] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.636859] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.643441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.652420] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 281.821837] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.828374] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.837106] device bridge_slave_1 entered promiscuous mode [ 282.009819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 282.285103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 282.591821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 07:52:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) 
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r3, &(0x7f00000005c0), 0xfffffdef, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) sendfile(r0, r2, &(0x7f0000000080), 0x9168) r4 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r4, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f00000000c0)) tkill(r1, 0x1004000000015) [ 283.025897] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 283.317662] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 283.605828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 283.615535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 283.779744] IPVS: ftp: loaded support on port[0] = 21 [ 283.961725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 283.969346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 284.645407] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 284.653628] team0: Port device team_slave_0 added [ 284.914592] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 284.922825] team0: Port device team_slave_1 added [ 285.156332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 285.163524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 285.172423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 285.496483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 285.503766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 285.512976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 285.786409] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 285.794095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes 
ready [ 285.803196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 286.078818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 286.086580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.095829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 288.499323] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.506025] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.514640] device bridge_slave_0 entered promiscuous mode [ 288.854449] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.860922] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.869631] device bridge_slave_1 entered promiscuous mode [ 289.183370] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.189870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.196936] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.203483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.212703] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 289.221485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 289.516829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 290.182103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 290.348300] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 290.657616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 290.895027] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 290.902282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 291.227421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 291.234656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:52:20 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, 
&(0x7f0000000780)=[{&(0x7f0000000640)="01", 0x1}], 0x1, &(0x7f00000c3000)}], 0x1, 0x0) [ 292.139638] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 292.148085] team0: Port device team_slave_0 added [ 292.564793] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 292.573135] team0: Port device team_slave_1 added [ 292.838074] IPVS: ftp: loaded support on port[0] = 21 [ 292.996612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 293.003827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 293.012966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 293.051337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.376869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 293.385159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 293.394244] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.717011] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 293.724905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 293.734075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 294.067063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 294.074854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 294.084030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 294.354794] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 295.586587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 295.593181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 295.601213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 296.919358] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.737457] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.744024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.750919] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.757575] bridge0: port 1(bridge_slave_0) entered 
forwarding state [ 297.766043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 298.209012] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.215659] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.224421] device bridge_slave_0 entered promiscuous mode [ 298.557333] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.563989] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.572685] device bridge_slave_1 entered promiscuous mode [ 298.742993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 298.894382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 299.249313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 300.319552] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 300.654023] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 300.971923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 300.979312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 301.315694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 301.322939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:52:31 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000000)='threaded\x00', 0x9) fallocate(r1, 0x3, 0x7fff, 0x3) [ 302.451897] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 302.459907] team0: Port device team_slave_0 added [ 302.734631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.887970] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 302.896197] team0: Port device team_slave_1 added [ 303.236194] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 303.243389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 303.252328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 303.595889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 303.603085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 303.611898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 303.898316] IPVS: ftp: loaded support on port[0] = 21 [ 304.018094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 304.026448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 304.035702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 304.247970] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 304.485730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 304.493387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 304.502728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 07:52:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x0, 0x2) ioctl$sock_ifreq(r0, 0x0, &(0x7f00000004c0)={'sit0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={"69705f76746930000000ed2e5f4800", @ifru_ivalue}) connect(r0, &(0x7f0000000600)=@nfc_llcp={0x27, 0x0, 0x1, 0x0, 0x0, 0x10000, "cb8e0d07c253a9bf17d5e712ef84325439b43c33bc7357e2021a6b69007a43d2461309259300b21d5dc708ae9b6980cc8687fb7dc52e2698df0a790c315d38", 0x20}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000180)={0xfffffffffffffffa, 0xfffffffffffff001, 0x1, 0xc14, 0x0, 0x2, 0x0, 0x0, 0x9, 0xffffffff}) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 
&(0x7f0000000140), 0xffffffffffffffff) r2 = gettid() wait4(0x0, &(0x7f00000003c0), 0x80000002, &(0x7f0000000200)) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1b) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3e}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='ip_vti0\x00', 0x10) getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c) sendto$inet(r1, &(0x7f0000d7cfcb), 0x100000252, 0x0, &(0x7f0000893ff0), 0x10) [ 305.682560] ptrace attach of "/root/syz-executor0"[7562] was attempted by "/root/syz-executor0"[7563] 07:52:34 executing program 0: add_key(&(0x7f0000000040)='encrypted\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) [ 305.797946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 305.804474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 305.812515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 07:52:35 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7f, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = semget(0x1, 0x5, 0x4) semctl$SEM_STAT(r2, 0x7, 0x12, &(0x7f0000000100)=""/225) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)={0x0, @aes256, 0x0, "40448863200aa815"}) dup2(r1, r0) [ 306.090201] ip (7573) used greatest stack depth: 53168 bytes left [ 306.574422] not chained 10000 origins [ 306.578314] CPU: 1 PID: 7586 Comm: ip Not tainted 4.20.0-rc2+ #88 [ 306.584560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.593924] Call Trace: [ 306.596552] dump_stack+0x32d/0x480 [ 306.600243] ? save_stack_trace+0xc6/0x110 [ 306.604526] kmsan_internal_chain_origin+0x222/0x240 [ 306.609672] ? kmsan_internal_chain_origin+0x136/0x240 [ 306.614981] ? 
__msan_chain_origin+0x6d/0xb0 [ 306.619406] ? __save_stack_trace+0x8be/0xc60 [ 306.623942] ? save_stack_trace+0xc6/0x110 [ 306.628203] ? kmsan_internal_chain_origin+0x136/0x240 [ 306.633506] ? kmsan_memcpy_origins+0x13d/0x190 [ 306.638199] ? __msan_memcpy+0x6f/0x80 [ 306.642112] ? nla_put+0x20a/0x2d0 [ 306.645686] ? br_port_fill_attrs+0x366/0x1ea0 [ 306.650289] ? br_port_fill_slave_info+0xff/0x120 [ 306.655173] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 306.659708] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 306.664251] ? netlink_dump+0xc79/0x1c90 [ 306.668330] ? netlink_recvmsg+0xec2/0x19d0 [ 306.672687] ? sock_recvmsg+0x1d1/0x230 [ 306.676704] ? ___sys_recvmsg+0x444/0xae0 [ 306.680882] ? __se_sys_recvmsg+0x2fa/0x450 [ 306.685228] ? __x64_sys_recvmsg+0x4a/0x70 [ 306.689489] ? do_syscall_64+0xcf/0x110 [ 306.693487] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 306.698875] ? do_syscall_64+0xcf/0x110 [ 306.702873] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 306.708267] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 306.713653] ? __module_address+0x6a/0x5f0 [ 306.717928] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 306.723317] ? is_bpf_text_address+0x49e/0x4d0 [ 306.727938] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 306.733419] ? in_task_stack+0x12c/0x210 [ 306.737528] __msan_chain_origin+0x6d/0xb0 [ 306.741787] ? ___sys_recvmsg+0x444/0xae0 [ 306.745962] __save_stack_trace+0x8be/0xc60 [ 306.750305] ? __save_stack_trace+0x9f2/0xc60 [ 306.754843] ? ___sys_recvmsg+0x444/0xae0 [ 306.759021] save_stack_trace+0xc6/0x110 [ 306.763120] kmsan_internal_chain_origin+0x136/0x240 [ 306.768261] ? kmsan_internal_chain_origin+0x136/0x240 [ 306.773561] ? kmsan_memcpy_origins+0x13d/0x190 [ 306.778253] ? __msan_memcpy+0x6f/0x80 [ 306.782168] ? nla_put+0x20a/0x2d0 [ 306.785753] ? br_port_fill_attrs+0x42b/0x1ea0 [ 306.790356] ? br_port_fill_slave_info+0xff/0x120 [ 306.795265] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 306.800247] ? rtnl_dump_ifinfo+0x18b5/0x2140 [ 306.804764] ? 
netlink_dump+0xc79/0x1c90 [ 306.808866] ? netlink_recvmsg+0xec2/0x19d0 [ 306.813230] ? sock_recvmsg+0x1d1/0x230 [ 306.817227] ? ___sys_recvmsg+0x444/0xae0 [ 306.821395] ? __se_sys_recvmsg+0x2fa/0x450 [ 306.825737] ? __x64_sys_recvmsg+0x4a/0x70 [ 306.829995] ? do_syscall_64+0xcf/0x110 [ 306.833999] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 306.839390] ? __msan_poison_alloca+0x1e0/0x270 [ 306.844103] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 306.849487] ? find_next_bit+0x25b/0x2a0 [ 306.853576] ? vmalloc_to_page+0x585/0x6c0 [ 306.857885] ? kmsan_set_origin+0x7f/0x100 [ 306.862164] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 306.867569] kmsan_memcpy_origins+0x13d/0x190 [ 306.872133] __msan_memcpy+0x6f/0x80 [ 306.875902] nla_put+0x20a/0x2d0 [ 306.879316] br_port_fill_attrs+0x42b/0x1ea0 [ 306.883773] br_port_fill_slave_info+0xff/0x120 [ 306.888485] ? br_port_get_slave_size+0x30/0x30 [ 306.893204] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 306.897606] rtnl_dump_ifinfo+0x18b5/0x2140 [ 306.902082] ? kmsan_internal_unpoison_shadow+0x83/0xd0 [ 306.907482] ? rtnl_getlink+0xec0/0xec0 [ 306.911476] netlink_dump+0xc79/0x1c90 [ 306.915425] netlink_recvmsg+0xec2/0x19d0 [ 306.919627] sock_recvmsg+0x1d1/0x230 [ 306.923452] ? netlink_sendmsg+0x1440/0x1440 [ 306.927938] ___sys_recvmsg+0x444/0xae0 [ 306.931968] ? __msan_poison_alloca+0x1e0/0x270 [ 306.936715] ? __se_sys_recvmsg+0xca/0x450 [ 306.940983] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 306.946367] ? 
__fdget+0x23c/0x440 [ 306.949944] __se_sys_recvmsg+0x2fa/0x450 [ 306.954146] __x64_sys_recvmsg+0x4a/0x70 [ 306.958239] do_syscall_64+0xcf/0x110 [ 306.962107] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 306.967331] RIP: 0033:0x7f1e20346210 [ 306.971076] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 306.989991] RSP: 002b:00007ffe179ccbf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 306.997720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1e20346210 [ 307.005006] RDX: 0000000000000000 RSI: 00007ffe179ccc40 RDI: 0000000000000003 [ 307.012289] RBP: 0000000000000ac0 R08: 00007f1e205efec8 R09: 00007f1e2038c800 [ 307.019571] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 307.026862] R13: 00007ffe179d0cd0 R14: 0000000000000ac0 R15: 00007ffe179cd740 [ 307.034178] Uninit was stored to memory at: [ 307.038528] kmsan_internal_chain_origin+0x136/0x240 [ 307.043654] __msan_chain_origin+0x6d/0xb0 [ 307.047916] __save_stack_trace+0x8be/0xc60 [ 307.052260] save_stack_trace+0xc6/0x110 [ 307.056339] kmsan_internal_chain_origin+0x136/0x240 [ 307.061460] kmsan_memcpy_origins+0x13d/0x190 [ 307.065979] __msan_memcpy+0x6f/0x80 [ 307.069736] nla_put+0x20a/0x2d0 [ 307.073127] br_port_fill_attrs+0x366/0x1ea0 [ 307.077553] br_port_fill_slave_info+0xff/0x120 [ 307.082256] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.086596] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.090950] netlink_dump+0xc79/0x1c90 [ 307.094856] netlink_recvmsg+0xec2/0x19d0 [ 307.099023] sock_recvmsg+0x1d1/0x230 [ 307.102847] ___sys_recvmsg+0x444/0xae0 [ 307.106840] __se_sys_recvmsg+0x2fa/0x450 [ 307.111004] __x64_sys_recvmsg+0x4a/0x70 [ 307.115097] do_syscall_64+0xcf/0x110 [ 307.118936] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.124144] [ 307.125777] Uninit was stored to memory at: [ 307.130118] kmsan_internal_chain_origin+0x136/0x240 [ 307.135253] 
__msan_chain_origin+0x6d/0xb0 [ 307.139507] __save_stack_trace+0x8be/0xc60 [ 307.143847] save_stack_trace+0xc6/0x110 [ 307.147933] kmsan_internal_chain_origin+0x136/0x240 [ 307.153055] kmsan_memcpy_origins+0x13d/0x190 [ 307.157568] __msan_memcpy+0x6f/0x80 [ 307.161298] nla_put+0x20a/0x2d0 [ 307.164695] br_port_fill_attrs+0x366/0x1ea0 [ 307.169126] br_port_fill_slave_info+0xff/0x120 [ 307.173829] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.178167] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.182515] netlink_dump+0xc79/0x1c90 [ 307.186419] netlink_recvmsg+0xec2/0x19d0 [ 307.190588] sock_recvmsg+0x1d1/0x230 [ 307.194407] ___sys_recvmsg+0x444/0xae0 [ 307.198398] __se_sys_recvmsg+0x2fa/0x450 [ 307.202582] __x64_sys_recvmsg+0x4a/0x70 [ 307.206663] do_syscall_64+0xcf/0x110 [ 307.210499] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.215706] [ 307.217344] Uninit was stored to memory at: [ 307.221695] kmsan_internal_chain_origin+0x136/0x240 [ 307.226849] __msan_chain_origin+0x6d/0xb0 [ 307.231107] __save_stack_trace+0x8be/0xc60 [ 307.235457] save_stack_trace+0xc6/0x110 [ 307.239545] kmsan_internal_chain_origin+0x136/0x240 [ 307.244670] kmsan_memcpy_origins+0x13d/0x190 [ 307.249197] __msan_memcpy+0x6f/0x80 [ 307.252928] nla_put+0x20a/0x2d0 [ 307.256315] br_port_fill_attrs+0x366/0x1ea0 [ 307.260759] br_port_fill_slave_info+0xff/0x120 [ 307.265457] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.269817] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.274162] netlink_dump+0xc79/0x1c90 [ 307.278088] netlink_recvmsg+0xec2/0x19d0 [ 307.282254] sock_recvmsg+0x1d1/0x230 [ 307.286073] ___sys_recvmsg+0x444/0xae0 [ 307.290062] __se_sys_recvmsg+0x2fa/0x450 [ 307.294226] __x64_sys_recvmsg+0x4a/0x70 [ 307.298307] do_syscall_64+0xcf/0x110 [ 307.302134] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.307347] [ 307.309018] Uninit was stored to memory at: [ 307.313360] kmsan_internal_chain_origin+0x136/0x240 [ 307.318479] __msan_chain_origin+0x6d/0xb0 [ 307.322789] __save_stack_trace+0x8be/0xc60 [ 307.327126] 
save_stack_trace+0xc6/0x110 [ 307.331209] kmsan_internal_chain_origin+0x136/0x240 [ 307.336347] kmsan_memcpy_origins+0x13d/0x190 [ 307.340891] __msan_memcpy+0x6f/0x80 [ 307.344626] nla_put+0x20a/0x2d0 [ 307.348033] br_port_fill_attrs+0x366/0x1ea0 [ 307.352460] br_port_fill_slave_info+0xff/0x120 [ 307.357144] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.361504] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.365856] netlink_dump+0xc79/0x1c90 [ 307.369766] netlink_recvmsg+0xec2/0x19d0 [ 307.373944] sock_recvmsg+0x1d1/0x230 [ 307.377814] ___sys_recvmsg+0x444/0xae0 [ 307.381822] __se_sys_recvmsg+0x2fa/0x450 [ 307.385984] __x64_sys_recvmsg+0x4a/0x70 [ 307.390068] do_syscall_64+0xcf/0x110 [ 307.393890] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.399098] [ 307.400746] Uninit was stored to memory at: [ 307.405104] kmsan_internal_chain_origin+0x136/0x240 [ 307.410230] __msan_chain_origin+0x6d/0xb0 [ 307.414499] __save_stack_trace+0x8be/0xc60 [ 307.418867] save_stack_trace+0xc6/0x110 [ 307.422948] kmsan_internal_chain_origin+0x136/0x240 [ 307.428069] kmsan_memcpy_origins+0x13d/0x190 [ 307.432584] __msan_memcpy+0x6f/0x80 [ 307.436319] nla_put+0x20a/0x2d0 [ 307.439708] br_port_fill_attrs+0x366/0x1ea0 [ 307.444137] br_port_fill_slave_info+0xff/0x120 [ 307.448841] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.453181] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.457523] netlink_dump+0xc79/0x1c90 [ 307.461425] netlink_recvmsg+0xec2/0x19d0 [ 307.465591] sock_recvmsg+0x1d1/0x230 [ 307.469409] ___sys_recvmsg+0x444/0xae0 [ 307.473396] __se_sys_recvmsg+0x2fa/0x450 [ 307.477564] __x64_sys_recvmsg+0x4a/0x70 [ 307.481642] do_syscall_64+0xcf/0x110 [ 307.485473] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.490689] [ 307.492326] Uninit was stored to memory at: [ 307.496664] kmsan_internal_chain_origin+0x136/0x240 [ 307.501832] __msan_chain_origin+0x6d/0xb0 [ 307.506097] __save_stack_trace+0x8be/0xc60 [ 307.510434] save_stack_trace+0xc6/0x110 [ 307.514515] kmsan_internal_chain_origin+0x136/0x240 [ 307.519652] 
kmsan_memcpy_origins+0x13d/0x190 [ 307.524195] __msan_memcpy+0x6f/0x80 [ 307.527924] nla_put+0x20a/0x2d0 [ 307.531340] br_port_fill_attrs+0x366/0x1ea0 [ 307.535773] br_port_fill_slave_info+0xff/0x120 [ 307.540484] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.544825] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.549226] netlink_dump+0xc79/0x1c90 [ 307.553142] netlink_recvmsg+0xec2/0x19d0 [ 307.557309] sock_recvmsg+0x1d1/0x230 [ 307.561132] ___sys_recvmsg+0x444/0xae0 [ 307.565130] __se_sys_recvmsg+0x2fa/0x450 [ 307.569307] __x64_sys_recvmsg+0x4a/0x70 [ 307.573386] do_syscall_64+0xcf/0x110 [ 307.577212] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.582405] [ 307.584040] Uninit was stored to memory at: [ 307.588377] kmsan_internal_chain_origin+0x136/0x240 [ 307.593503] __msan_chain_origin+0x6d/0xb0 [ 307.597759] __save_stack_trace+0x8be/0xc60 [ 307.602105] save_stack_trace+0xc6/0x110 [ 307.606184] kmsan_internal_chain_origin+0x136/0x240 [ 307.611312] kmsan_memcpy_origins+0x13d/0x190 [ 307.615832] __msan_memcpy+0x6f/0x80 [ 307.619567] nla_put+0x20a/0x2d0 [ 307.622954] br_port_fill_attrs+0x366/0x1ea0 [ 307.627381] br_port_fill_slave_info+0xff/0x120 [ 307.632070] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 307.636421] rtnl_dump_ifinfo+0x18b5/0x2140 [ 307.640772] netlink_dump+0xc79/0x1c90 [ 307.644686] netlink_recvmsg+0xec2/0x19d0 [ 307.648854] sock_recvmsg+0x1d1/0x230 [ 307.652684] ___sys_recvmsg+0x444/0xae0 [ 307.656692] __se_sys_recvmsg+0x2fa/0x450 [ 307.660858] __x64_sys_recvmsg+0x4a/0x70 [ 307.664951] do_syscall_64+0xcf/0x110 [ 307.668902] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 307.674100] 07:52:36 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) r1 = socket(0x9, 0x801, 0xffffffff) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x2000, 0x0) r4 
= openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) ioctl$NBD_SET_SIZE(r4, 0xab02, 0x6) ioctl$TIOCGWINSZ(r3, 0x5413, &(0x7f0000000240)) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="dc000000", @ANYRES16=r2, @ANYBLOB="200128bd7000fedbdf250d00000008000400ff03000008000600060000000800050000feffff1400010008000b007369700008000b00736970000c000200080002004e2200007c00030014000600fe800000004730ea623274fc00000000000000000000bb1400020069726c616e300000000000000000000014000600fe8000000000000000000000000000bb080800040004000000080007004e23000014000600ff0200000000000000000000000000010800010003000000080007004e23000008000700feffffff0c00020008000400000800005afea043380e41d6488584eeaa9c5dc2"], 0xdc}, 0x1, 0x0, 0x0, 0x80}, 0x20000080) [ 307.675766] Local variable description: ----v.addr.i.i108@update_curr [ 307.682364] Variable was created at: [ 307.686109] update_curr+0x62/0x2100 [ 307.689842] pick_next_task_fair+0x29c/0x3060 [ 308.581493] 8021q: adding VLAN 0 to HW filter on device team0 07:52:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x10008000000004) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="0400", @ANYRES32=0x0, @ANYBLOB="0000000000000000080021000000000024000e0000000000000000000000000000000000000000000000000000000000000000000c000100aaaaaaaaaa000000"], 0x58}}, 0x0) 07:52:38 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 
0x0, 0x2) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0x3f, {0x2, 0x4e21, @multicast1}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xd}}, {0x2, 0x4e22, @multicast2}, 0x1, 0x5, 0x1, 0x46, 0x1000, &(0x7f0000000180)='vcan0\x00', 0x7a5, 0x9, 0xfffffffffffffffb}) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, r0, 0x0) read(r2, &(0x7f0000000400)=""/91, 0x214) 07:52:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={&(0x7f0000000040), 0xc, &(0x7f00008b7ff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000000101010000000000002ef000100002000c000100050002000000000000000000"], 0x24}}, 0x0) r1 = memfd_create(&(0x7f0000000000)='wlan0ppp0em0\x00', 0x2) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f00000000c0)={{0x2, 0x4e23, @remote}, {0x306, @remote}, 0x0, {0x2, 0x4e20, @local}, 'bcsh0\x00'}) [ 309.494444] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 309.523936] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. 
07:52:38 executing program 0: r0 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000083) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e22, 0x0, @ipv4}, 0x1c) listen(r0, 0x9) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0xff, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r1, 0xc0206416, &(0x7f0000000300)={0x385caa5, 0x0, 0xad, 0xe45f0, 0x8, 0x5}) r2 = socket$inet6_sctp(0xa, 0x3, 0x84) sendto$inet6(r0, &(0x7f0000000100)='F', 0x23f, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x7}, 0x1c) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x8141, 0x0) accept$alg(r3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='md5sum{{%security:eth1lo*@$bdevppp0\x00', r3}, 0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0xa, 0x0, @dev, [0x0, 0x300000000000000]}}, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x9c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e23, @local}}}, &(0x7f0000000200)=0x98) [ 310.438894] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.445477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.452533] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.458982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.467570] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 310.562639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 311.293924] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.300447] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.309169] device bridge_slave_0 entered promiscuous mode [ 311.620664] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.627716] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.636258] device bridge_slave_1 entered promiscuous mode [ 311.922808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 312.261427] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is 
not ready [ 313.320445] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 313.573561] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 313.853213] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 313.860246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 314.057603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 314.064752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 314.747390] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 314.755701] team0: Port device team_slave_0 added [ 315.035464] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 315.043920] team0: Port device team_slave_1 added [ 315.336095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.343939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 315.350966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 315.360224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 315.652086] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 315.659160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 315.668775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 315.972284] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 315.980007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 315.989357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 316.236478] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 316.244325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 316.253392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 316.357966] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 07:52:45 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, 
&(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@ipx, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000001540)=""/4096, 0x1000}}], 0x1, 0x0, 0x0) [ 316.583153] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 316.630209] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 316.646878] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 316.687661] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 317.359358] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 317.365961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 317.373995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 318.155300] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.693112] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.699657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.706840] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.713412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.722491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 318.730184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 321.219875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.013607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 322.612558] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 322.618947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 322.626990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 323.266612] 8021q: adding VLAN 0 to HW filter on device team0 07:52:52 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, 
&(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001d001fff000000000000000005000000080003002100000057affeba8e062ee9b070d2bbdac98bfc8ba5f7dd38b477245dbd7aaba05d328aab178a1bcc0477c8c52b14bdd8bacbb2e0001134c70526e5cdf605f2d00bcf6a0299a8262415fb2a6bf5c600052f89ccab54487640c8b35c3925727722920f1046d9ca639cb4e3176c914fe741a6450ccbfaf184ef7f95982cd89de97dd4a38df5ec1dd2a2b2bde863079eccd55a724cebfed0904c0185946d6647596af790ea0a5ddd58c4716b915764edb3b86b8e"], 0x1}}, 0x0) recvmmsg(r0, &(0x7f0000003900)=[{{&(0x7f0000000300)=@ax25, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/134, 0x86}, {&(0x7f0000000440)=""/166, 0xa6}], 0x2, 0x0, 0x0, 0x7d4a26f5}}, {{&(0x7f0000000540)=@pppol2tpin6, 0x80, &(0x7f00000016c0)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/205, 0xcd}], 0x2, &(0x7f0000001700)=""/4096, 0x1000, 0x2b}, 0x80000000}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f0000002700)=""/47, 0x2f}, {&(0x7f0000002740)}, {&(0x7f0000002780)=""/148, 0x94}, {&(0x7f0000002840)=""/68, 0x44}, {&(0x7f00000028c0)=""/174, 0xae}, {&(0x7f0000002980)=""/61, 0x3d}, {&(0x7f00000029c0)=""/58, 0x3a}], 0x7, &(0x7f0000002a80)=""/68, 0x44, 0x191d}, 0x401}, {{0x0, 0x0, &(0x7f0000002d40)=[{&(0x7f0000002b00)=""/68, 0x44}, {&(0x7f0000002b80)=""/244, 0xf4}, {&(0x7f0000002c80)=""/163, 0xa3}], 0x3, &(0x7f0000002d80)=""/113, 0x71, 0xffffffffb87df15b}, 0x3}, {{&(0x7f0000002e00)=@alg, 0x80, &(0x7f0000003100)=[{&(0x7f0000002e80)=""/162, 0xa2}, {&(0x7f0000002f40)=""/194, 0xc2}, {&(0x7f0000003040)=""/182, 0xb6}], 0x3, &(0x7f0000003140)=""/111, 0x6f, 0x9}, 0x80000000}, {{0x0, 0x0, &(0x7f0000003500)=[{&(0x7f00000031c0)=""/163, 0xa3}, {&(0x7f0000003280)=""/229, 0xe5}, {&(0x7f0000003380)=""/230, 0xe6}, {&(0x7f0000003480)=""/37, 0x25}, {&(0x7f00000034c0)=""/16, 0x10}], 0x5, &(0x7f0000000100)=""/38, 0x26, 0x819}, 0x9}, {{&(0x7f00000035c0)=@hci, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003640)=""/8, 0x8}, {&(0x7f0000003680)=""/49, 0x31}, {&(0x7f00000036c0)=""/208, 0xd0}], 0x3, &(0x7f0000003800)=""/224, 0xe0, 
0x9}}], 0x7, 0x0, &(0x7f0000003ac0)) [ 326.301051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.765882] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 327.203692] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 327.209975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.218087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 07:52:56 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000300)) [ 327.598169] 8021q: adding VLAN 0 to HW filter on device team0 07:52:58 executing program 4: creat(&(0x7f00000002c0)='./file0\x00', 0x0) mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='ntfs\x00', 0x0, 0x0) 07:52:58 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x101) r1 = socket(0x40000000002, 0x3, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000440)='bridge0\x00', 0x10) sendmsg$unix(r1, &(0x7f0000000840)={&(0x7f00000005c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000680), 0x0, &(0x7f0000000800)}, 0x8804) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0xd0000e0}, 0x63) 07:52:58 executing program 5: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x400000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in6=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@local}}, &(0x7f0000000140)=0xe8) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000180)={r1, 0x1, 0x6}, 0x10) gettid() ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000200)={0x0}) ioctl$DRM_IOCTL_UNLOCK(r0, 0x4008642b, 
&(0x7f0000000240)={r2}) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x400000, 0x0) r4 = accept4(r3, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0x0, @reserved}, &(0x7f0000000340)=0x80, 0x80800) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f0000000380)={{0xa, 0x4e24, 0x7fff, @dev={0xfe, 0x80, [], 0x13}}, {0xa, 0x4e22, 0x800000000000, @empty, 0x1c}, 0x100000001, [0x3, 0xfffffffffffffffb, 0x100000001, 0x8000, 0x101, 0x7, 0x80000000, 0x7]}, 0x5c) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000400)={0xffffffffffffffff}) bind$can_raw(r4, &(0x7f0000000440)={0x1d, r1}, 0x10) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000480)={0x0, 0x2}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000500)={0x6, 0x4, 0x1, 0x8, 0x3f, 0x1, 0x1, 0x8, r6}, 0x20) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0x0) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000580)={0x0, &(0x7f0000000540)}, 0x10) r7 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f00000005c0)={{0xa, 0x4e22, 0xfffffffffffffffd, @mcast2, 0x80000001}, {0xa, 0x4e20, 0x0, @remote, 0x1a70}, 0x1aaea1ff, [0x3, 0x3, 0x5, 0x9, 0x2, 0x6, 0x40, 0xfffffffffffffffe]}, 0x5c) ioctl$SG_GET_SG_TABLESIZE(r3, 0x227f, &(0x7f0000000640)) r8 = syz_open_dev$dspn(&(0x7f0000000680)='/dev/dsp#\x00', 0x10000, 0x440000) ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead) setsockopt$IP_VS_SO_SET_DEL(r7, 0x0, 0x484, &(0x7f00000006c0)={0x32, @empty, 0x4e20, 0x2, 'sh\x00', 0x20, 0x1, 0x13}, 0x2c) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@mcast1}}, {{@in6=@mcast2}, 0x0, @in=@multicast2}}, &(0x7f0000000800)=0xe8) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000840)={0x80, 0x4, 0x1000}, 0x4) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000980)={0xfe000, 0xfffffffffffffffb, 0xef, 
&(0x7f0000000880)="1886ea25b90681698f99e5b35dda87aa827b7a58c01219a05c43f6628019fca77511441063155b4881a8d00c214f9c626fdb9aabb7b20087e8381891e3707eebd63dda13a7d50527cc19a6b7d345545b946e2015d73ff61abc1628d14eff3289ab0abc9e4af138bdecc924c33acdece3b43217f2343e882b1a9aacf60108a7a9978b1a8d9a0a33448ffa3775f310f107496dc75ab3fae63024b22be64b94eca5fe428037ebb19658af7e2170a4edf965911d9eb824adbcc1f0a411b63f4dc9fddb3b66c40b8fe6fadb5299a785106527d742eb2104cf5ed0cad2f977f7de1d386e2c16b1244a0fac71985621834baa"}) fsetxattr$trusted_overlay_redirect(r5, &(0x7f00000009c0)='trusted.overlay.redirect\x00', &(0x7f0000000a00)='./file0\x00', 0x8, 0x1) ioctl$FS_IOC_FSSETXATTR(r8, 0x401c5820, &(0x7f0000000a40)={0x987, 0x80000001, 0x2, 0x54, 0xfff}) fcntl$addseals(r7, 0x409, 0xe) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000a80)=""/77) 07:52:58 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) dup3(r1, r0, 0x0) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) 07:52:58 executing program 1: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) r0 = gettid() wait4(0x0, &(0x7f00000003c0), 0x80000000, &(0x7f0000000340)) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x45b, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@loopback, @loopback, @loopback, 0x0, 0x0, 0x0, 0x107}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) 
ptrace$cont(0x21, r0, 0x0, 0x0) 07:52:58 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) dup3(r1, r0, 0x0) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) [ 329.722463] raw_sendmsg: syz-executor0 forgot to set AF_INET. Fix it! 07:52:58 executing program 1: ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0x40286608, &(0x7f0000000440)={0x2000000000000157, &(0x7f0000000400)}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000680)={0x0, 0x0}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000800)='/dev/rtc0\x00', 0x200, 0x0) perf_event_open(&(0x7f0000000940)={0x5, 0x70, 0x7, 0x9, 0x3, 0x0, 0x0, 0x400, 0x8, 0x0, 0x728, 0x2607, 0x2, 0x7ff, 0x0, 0x64a, 0x7ff, 0x3, 0x8, 0x6, 0x8, 0x5, 0x80000000000, 0xffff, 0x6, 0x4, 0x200, 0x7, 0x80000001, 0x9c1, 0x5, 0x5, 0xff, 0x4, 0xfff, 0x6, 0x8, 0x7, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000640), 0xa}, 0x840, 0x3, 0x1, 0x3, 0x2}, r0, 0x2, r1, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) prctl$intptr(0xe, 0x3) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000008c0), &(0x7f0000000900)=0xc) syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0x1, 0x2001) r2 = socket$rds(0x15, 0x5, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000880)=@int=0x7ff, 0x4) bind$rds(r2, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f000000a7c0)=[{{&(0x7f0000008480)=@ethernet, 0x80, &(0x7f0000008580), 0x0, &(0x7f00000085c0), 0x0, 0x800}, 0x9}], 0x1, 0x8000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7f, 0xf6ca}) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote, [0x3f000000, 0x700, 0x0, 0xc0fe, 0xfec0000000000000, 0xa00000000000000]}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80389}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9, 0x60}}], 0x48}, 0x0) 07:52:58 executing program 3: r0 = socket$inet(0x2, 0x200000002, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast2, @local}, 0xc) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local, @remote}, 0xc) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/mcfilter\x00') pread64(r2, &(0x7f00000000c0)=""/225, 0xe1, 0x0) 07:52:58 executing program 2: r0 = inotify_init() perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x3, &(0x7f0000346fc8), &(0x7f0000000000)="1d4e4cc000", 0x20000, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) dup2(r0, r1) 07:52:58 executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) 
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'sit0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000004001a00"], 0x1}}, 0x0) [ 330.139857] hrtimer: interrupt took 60831 ns 07:52:59 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[]}}, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[]}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:52:59 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000200)="0a5c2d0240316285717070") r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000240)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000400)={0xbf, @time}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0x402c5342, &(0x7f0000000080)) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 
0x1c9c380}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(r2, 0x1000000000013) 07:52:59 executing program 3: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) r0 = gettid() wait4(0x0, &(0x7f00000003c0), 0x80000000, &(0x7f0000000340)) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x15) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 330.453965] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 07:52:59 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000200)="0a5c2d0240316285717070") r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0x40605346, &(0x7f0000000080)) gettid() timer_create(0x0, &(0x7f0000044000), &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(0x0, 0x0) [ 330.953211] IPVS: ftp: loaded support on port[0] = 21 [ 332.513237] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.519672] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.528125] device bridge_slave_0 entered promiscuous mode [ 332.611938] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.618357] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.626686] device bridge_slave_1 entered promiscuous mode [ 332.710021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 332.793697] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 333.044863] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 333.132243] bond0: Enslaving bond_slave_1 as 
an active interface with an up link [ 333.217739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 333.225069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 333.308210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 333.315291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 333.563277] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 333.571017] team0: Port device team_slave_0 added [ 333.700749] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 333.708966] team0: Port device team_slave_1 added [ 333.786418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 333.867012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 333.944903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 333.952321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.961085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 334.036322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 334.043717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 334.052678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 334.877471] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.883919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.890617] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.897204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.905339] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 335.162017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 338.025166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 338.301402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 338.568205] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 338.574469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 338.582223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 338.850835] 8021q: 
adding VLAN 0 to HW filter on device team0 [ 340.596999] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:20000 [ 340.612688] IPVS: set_ctl: invalid protocol: 50 0.0.0.0:20000 07:53:09 executing program 5: 07:53:09 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) request_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f00000001c0)={'syz'}, &(0x7f0000000240)='\x00', 0xfffffffffffffffa) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x100, 0xdbdc) sendto$inet6(r1, &(0x7f0000000080)="0303000007005b0000000000fff55b4202938207d9bb37c81e1bbbed5bcc7cb26111b8301ee616d5c01843000000000053c0f485472da7222a2bb401000000c3b5003500f55dc667b3009b000000faffff0c01000000aeb46245004bad2a66c9c19bc6e3408804", 0x67, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x1, @local}, 0x1c) 07:53:09 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000200)="0a5c2d0240316285717070") r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000240)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000400)={0xbf, @time}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc02c5341, &(0x7f0000000080)) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(r2, 0x1000000000013) 07:53:09 executing program 1: r0 = socket$inet(0x2, 0x200000002, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast2, @local}, 0xc) 07:53:09 executing program 0: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140)) write$cgroup_type(r0, &(0x7f0000000340)='threaded\x00', 0xffffffc5) 
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r2, r1) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:53:09 executing program 3: 07:53:09 executing program 1: 07:53:10 executing program 3: 07:53:10 executing program 5: ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0x40286608, &(0x7f0000000440)={0x2000000000000157, &(0x7f0000000400)}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000680)={0x0, 0x0}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000800)='/dev/rtc0\x00', 0x200, 0x0) perf_event_open(&(0x7f0000000940)={0x5, 0x70, 0x0, 0x9, 0x3, 0x3ff, 0x0, 0x400, 0x8, 0x2, 0x0, 0x2607, 0x2, 0x0, 0x1ff, 0x64a, 0x7ff, 0x3, 0x8, 0x6, 0x8, 0x5, 0x80000000000, 0xffff, 0x6, 0x4, 0x200, 0x7, 0x80000001, 0x9c1, 0x5, 0x5, 0xff, 0x4, 0xfff, 0x6, 0x8, 0x7, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000640), 0xa}, 0x0, 0x3, 0x1, 0x3, 0x2, 0x7f}, r0, 0x2, r1, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) prctl$intptr(0xe, 0x3) syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0x1, 0x2001) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f000000a7c0)=[{{&(0x7f0000008480)=@ethernet, 0x80, &(0x7f0000008580), 0x0, &(0x7f00000085c0), 0x0, 0x800}, 0x9}], 0x1, 0x8000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote, [0x3f000000, 0x700, 0x0, 0xc0fe, 0xfec0000000000000, 0xa00000000000000]}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, 
{{}, {&(0x7f0000000040)=""/156, 0x80389}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9, 0x60}}], 0x48}, 0x0) 07:53:10 executing program 2: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) pipe(&(0x7f0000000040)) 07:53:10 executing program 1: 07:53:10 executing program 3: 07:53:10 executing program 2: 07:53:10 executing program 1: 07:53:11 executing program 4: 07:53:11 executing program 5: 07:53:11 executing program 0: 07:53:11 executing program 3: 07:53:11 executing program 2: 07:53:11 executing program 1: 07:53:11 executing program 5: 07:53:11 executing program 4: 07:53:11 executing program 1: 07:53:11 executing program 0: 07:53:11 executing program 5: 07:53:11 executing program 2: 07:53:11 executing program 3: 07:53:11 executing program 1: 07:53:11 executing program 4: r0 = syz_open_dev$media(&(0x7f0000000380)='/dev/media#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040)) 07:53:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x0, 0x2) ioctl$sock_ifreq(r0, 0x0, &(0x7f00000004c0)={'sit0\x00', 
@ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={"69705f76746930000000ed2e5f4800", @ifru_ivalue}) connect(r0, &(0x7f0000000600)=@nfc_llcp={0x27, 0x0, 0x1, 0x0, 0x0, 0x10000, "cb8e0d07c253a9bf17d5e712ef84325439b43c33bc7357e2021a6b69007a43d2461309259300b21d5dc708ae9b6980cc8687fb7dc52e2698df0a790c315d38", 0x20}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000180)={0x0, 0xfffffffffffff001, 0x1, 0xc14, 0x0, 0x2, 0x0, 0x0, 0x9, 0xffffffff}) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r2 = gettid() wait4(0x0, &(0x7f00000003c0), 0x80000002, &(0x7f0000000200)) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1b) ptrace$cont(0xffffffffffffffff, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0xffffffffffffffff}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='ip_vti0\x00', 0x10) getsockname$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c) sendto$inet(r1, &(0x7f0000d7cfcb), 0x100000252, 0x0, &(0x7f0000893ff0), 0x10) 07:53:12 executing program 3: 07:53:12 executing program 0: 07:53:12 executing program 5: 07:53:12 executing program 1: [ 343.222800] ptrace attach of "/root/syz-executor2"[8652] was attempted by "/root/syz-executor2"[8653] 07:53:12 executing program 2: clone(0x2102001fbd, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) socket(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') exit(0x0) syz_open_procfs(0x0, 
&(0x7f0000000400)="66642f330057f64a657c481005f1abc44d4acb50ed40e8e339d2eaaa70f91a544d1f8e8663b454de10f6a189ea2936ca00a204e67daad4f67ed0046271e5a299743b7a7a5615745b66169d4ce3c9f851f33c989a1bb98740e92399d6b8a4b154dde093d0d5d80f1179eff1520bd68197a9362c71d035331a11564547289318f2bc171fd7894628471853da99dbeba0c92abdb43d593ba8edd2a9a287a0fb0df749315d3ad13b68c6e24df20035969bd1920438b202f143dfa6c2b21d0a3a6d6e4f385ca17f92729596da37ea85c88ca85eb71f800503bbef3943cb289b460b484657041dc74c6b57b2e9dd17e82586d1480d52af581fea") 07:53:12 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000200)="0a5c2d0240316285717070") r1 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000240)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000400)={0xbf, @time}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc0a85352, &(0x7f0000000080)={{0xe}}) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(r2, 0x1000000000013) 07:53:12 executing program 0: ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0x40286608, &(0x7f0000000440)={0x2000000000000157, &(0x7f0000000400)}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000680)={0x0, 0x0}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000800)='/dev/rtc0\x00', 0x200, 0x0) perf_event_open(&(0x7f0000000940)={0x5, 0x70, 0x7, 0x9, 0x3, 0x3ff, 0x0, 0x400, 0x8, 0x2, 0x728, 0x2607, 0x2, 0x7ff, 0x1ff, 0x64a, 0x7ff, 0x3, 0x8, 0x6, 0x8, 0x5, 0x80000000000, 0xffff, 0x6, 0x4, 0x200, 0x7, 0x80000001, 0x9c1, 0x5, 0x5, 0xff, 0x4, 0xfff, 0x6, 0x8, 0x7, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000640), 0xa}, 0x840, 0x3, 0x1, 0x3, 0x2, 0x7f}, r0, 0x2, r1, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) prctl$intptr(0xe, 0x3) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 
&(0x7f00000008c0), &(0x7f0000000900)=0xc) syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0x1, 0x2001) r2 = socket$rds(0x15, 0x5, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000880)=@int=0x7ff, 0x4) bind$rds(r2, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f000000a7c0)=[{{&(0x7f0000008480)=@ethernet, 0x80, &(0x7f0000008580), 0x0, &(0x7f00000085c0), 0x0, 0x800}, 0x9}], 0x1, 0x8000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7f, 0xf6ca}) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote, [0x3f000000, 0x700, 0x0, 0xc0fe, 0xfec0000000000000, 0xa00000000000000]}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80389}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9, 0x60}}], 0x48}, 0x0) 07:53:12 executing program 3: r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000140)) 07:53:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x20, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07630440000000000d6300000f630c4003000000020000000000000011634840"], 0x0, 0x0, &(0x7f00000002c0)}) 07:53:12 executing program 1: r0 = socket$inet6(0xa, 0x80806, 0x0) r1 = socket$inet(0x2, 
0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xc0000000000002, &(0x7f0000000140)=0x75, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) recvmsg(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f0000003ac0)=""/4096, 0xfdbf}], 0x1, &(0x7f0000000200)=""/20, 0xfffffffffffffec4}, 0x100) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000006c0)='hybla\x00', 0x6) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000580)) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000480), &(0x7f00000004c0)=0x4) ioctl$sock_ifreq(r0, 0x0, &(0x7f00000003c0)={'team_slave_1\x00', @ifru_addrs=@sco}) socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000340)) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000440)={'veth0_to_bridge\x00', @ifru_addrs=@sco={0x1f, {0x0, 0x4, 0x7ff, 0x0, 0x1}}}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000380)) setsockopt$inet_mreq(r2, 0x0, 0x0, &(0x7f0000000400)={@dev={0xac, 0x14, 0x14, 0x21}}, 0x8) socket$inet6(0xa, 0x806, 0x7) getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000280), &(0x7f0000000500)=0x4) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000300)=@kern={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x4000000}, 0x4) 07:53:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 
0x0) r0 = timerfd_create(0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000140)) syz_open_dev$dmmidi(&(0x7f00000003c0)='/dev/dmmidi#\x00', 0x0, 0x0) 07:53:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x81, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000500)={0x28, 0x0, 0x0, @my=0x0}, 0x10) socketpair$inet(0x2, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) kexec_load(0x201ef1c0, 0x10, &(0x7f0000000180)=[{&(0x7f00000001c0), 0x2, 0x1cbfca000, 0x1000000}], 0x3e00003e0000) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000004c0)=0x7) r1 = timerfd_create(0x5, 0x800) timerfd_gettime(r1, &(0x7f0000000140)) pipe(&(0x7f0000000100)) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000440)={0x8, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e20, @multicast2}, {0x2, 0x4e22, @rand_addr=0x800}, 0x0, 0x8, 0x1, 0x5, 0x4, &(0x7f0000000400)='veth0_to_bond\x00', 0x9, 0x4, 0x9}) r2 = syz_open_dev$dmmidi(&(0x7f00000003c0)='/dev/dmmidi#\x00', 0x3, 0x101000) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/mixer\x00', 0x200000, 0x0) ioctl$VIDIOC_STREAMON(r3, 0x40045612, &(0x7f0000000380)=0x3) r4 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xfffffffffffffff9, 0x400000) sendmsg$nl_crypto(r4, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=@alg={0xf0, 0x10, 0x200, 0x70bd29, 0x25dfdbfd, {{'echainiv(morus1280-generic)\x00'}, [], [], 0x0, 0x2000}, [{0x8, 0x1, 0x6}, {0x8, 0x1, 0x35c}]}, 0xf0}, 0x1, 0x0, 0x0, 0xc000}, 0x200000c1) [ 343.984771] binder: 8681:8684 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 343.992708] binder: 8681:8684 
BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 343.999696] binder: 8681:8684 transaction failed 29189/-22, size 0-0 line 2834 [ 344.117199] binder: undelivered TRANSACTION_ERROR: 29189 [ 344.244917] not chained 20000 origins [ 344.248788] CPU: 0 PID: 8683 Comm: syz-executor1 Not tainted 4.20.0-rc2+ #88 [ 344.255991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.265358] Call Trace: [ 344.267980] dump_stack+0x32d/0x480 [ 344.271658] kmsan_internal_chain_origin+0x222/0x240 [ 344.276808] ? apic_timer_interrupt+0xa/0x20 [ 344.281245] ? __entry_text_end+0x7/0x7 [ 344.285255] ? kmsan_get_metadata_or_null+0x71/0x380 [ 344.290386] ? kmsan_internal_chain_origin+0x90/0x240 [ 344.295625] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 344.301020] ? is_bpf_text_address+0x49e/0x4d0 [ 344.305644] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 344.311126] ? in_task_stack+0x12c/0x210 [ 344.315244] __msan_chain_origin+0x6d/0xb0 [ 344.319514] ? inet_sendmsg+0x4e9/0x800 [ 344.323517] __save_stack_trace+0x8be/0xc60 [ 344.327895] ? inet_sendmsg+0x4e9/0x800 [ 344.331909] save_stack_trace+0xc6/0x110 [ 344.336038] kmsan_internal_chain_origin+0x136/0x240 [ 344.341178] ? __se_sys_sendto+0x107/0x130 [ 344.345469] ? kmsan_internal_chain_origin+0x136/0x240 [ 344.350791] ? kmsan_memcpy_origins+0x13d/0x190 [ 344.355501] ? __msan_memcpy+0x6f/0x80 [ 344.359413] ? pskb_expand_head+0x436/0x1d20 [ 344.363868] ? tcp_fragment+0x378/0x21d0 [ 344.368000] ? tcp_sacktag_walk+0xe88/0x29d0 [ 344.372436] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 344.377565] ? tcp_ack+0x2888/0xa010 [ 344.381301] ? tcp_rcv_established+0xf7e/0x2940 [ 344.385995] ? tcp_v4_do_rcv+0x686/0xd80 [ 344.390132] ? __release_sock+0x32d/0x750 [ 344.394304] ? release_sock+0x99/0x2a0 [ 344.398220] ? sk_stream_wait_memory+0x9cc/0x1430 [ 344.403097] ? tcp_sendmsg_locked+0x1bca/0x6c30 [ 344.407804] ? tcp_sendmsg+0xb2/0x100 [ 344.411638] ? inet_sendmsg+0x4e9/0x800 [ 344.415646] ? 
__sys_sendto+0x940/0xb80 [ 344.419657] ? __se_sys_sendto+0x107/0x130 [ 344.423939] ? __x64_sys_sendto+0x6e/0x90 [ 344.428128] ? do_syscall_64+0xcf/0x110 [ 344.432152] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.437551] ? memcg_kmem_put_cache+0x73/0x460 [ 344.442236] ? __msan_get_context_state+0x9/0x20 [ 344.447060] ? INIT_INT+0xc/0x30 [ 344.450454] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 344.455869] kmsan_memcpy_origins+0x13d/0x190 [ 344.460421] __msan_memcpy+0x6f/0x80 [ 344.464176] pskb_expand_head+0x436/0x1d20 [ 344.468485] tcp_fragment+0x378/0x21d0 [ 344.472442] tcp_sacktag_walk+0xe88/0x29d0 [ 344.476802] tcp_sacktag_write_queue+0x2805/0x4630 [ 344.481770] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 344.486971] tcp_ack+0x2888/0xa010 [ 344.490569] ? tcp_parse_options+0xbe/0x1cf0 [ 344.495023] ? tcp_validate_incoming+0x50b/0x29d0 [ 344.499923] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 344.505399] ? tcp_parse_options+0x1c55/0x1cf0 [ 344.510153] tcp_rcv_established+0xf7e/0x2940 [ 344.514691] ? __msan_get_context_state+0x9/0x20 [ 344.519514] tcp_v4_do_rcv+0x686/0xd80 [ 344.523477] ? inet_sk_rx_dst_set+0x200/0x200 [ 344.528007] __release_sock+0x32d/0x750 [ 344.532034] release_sock+0x99/0x2a0 [ 344.535803] sk_stream_wait_memory+0x9cc/0x1430 [ 344.540522] ? wait_woken+0x5b0/0x5b0 [ 344.544424] tcp_sendmsg_locked+0x1bca/0x6c30 [ 344.548995] ? kmsan_internal_unpoison_shadow+0x30/0xd0 [ 344.554461] tcp_sendmsg+0xb2/0x100 [ 344.558161] ? tcp_sendmsg_locked+0x6c30/0x6c30 [ 344.562855] inet_sendmsg+0x4e9/0x800 [ 344.566691] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 344.572085] ? security_socket_sendmsg+0x1bd/0x200 [ 344.577115] ? inet_getname+0x490/0x490 [ 344.581137] __sys_sendto+0x940/0xb80 [ 344.584998] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 344.590473] ? 
prepare_exit_to_usermode+0x182/0x4c0 [ 344.595519] __se_sys_sendto+0x107/0x130 [ 344.599622] __x64_sys_sendto+0x6e/0x90 [ 344.603623] do_syscall_64+0xcf/0x110 [ 344.607446] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.612652] RIP: 0033:0x457569 [ 344.615865] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 344.634786] RSP: 002b:00007fc707e52c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 344.642550] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 [ 344.649839] RDX: fffffffffffffe6e RSI: 0000000020a88f88 RDI: 0000000000000004 [ 344.657131] RBP: 000000000072bf00 R08: 0000000020e68000 R09: 0000000000000010 [ 344.664418] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fc707e536d4 [ 344.672219] R13: 00000000004c3c11 R14: 00000000004d5e80 R15: 00000000ffffffff [ 344.679519] Uninit was stored to memory at: [ 344.683865] kmsan_internal_chain_origin+0x136/0x240 [ 344.688990] __msan_chain_origin+0x6d/0xb0 [ 344.693260] __save_stack_trace+0x8be/0xc60 [ 344.697608] save_stack_trace+0xc6/0x110 [ 344.701691] kmsan_internal_chain_origin+0x136/0x240 [ 344.706846] kmsan_memcpy_origins+0x13d/0x190 [ 344.711360] __msan_memcpy+0x6f/0x80 [ 344.715088] pskb_expand_head+0x436/0x1d20 [ 344.719337] tcp_fragment+0x378/0x21d0 [ 344.723241] tcp_sacktag_walk+0xe88/0x29d0 [ 344.727496] tcp_sacktag_write_queue+0x2805/0x4630 [ 344.732445] tcp_ack+0x2888/0xa010 [ 344.736024] tcp_rcv_established+0xf7e/0x2940 [ 344.740534] tcp_v4_do_rcv+0x686/0xd80 [ 344.744437] __release_sock+0x32d/0x750 [ 344.748430] release_sock+0x99/0x2a0 [ 344.752177] sk_stream_wait_memory+0x9cc/0x1430 [ 344.756865] tcp_sendmsg_locked+0x1bca/0x6c30 [ 344.761378] tcp_sendmsg+0xb2/0x100 [ 344.765025] inet_sendmsg+0x4e9/0x800 [ 344.768935] __sys_sendto+0x940/0xb80 [ 344.772790] __se_sys_sendto+0x107/0x130 [ 344.776888] __x64_sys_sendto+0x6e/0x90 [ 
344.780902] do_syscall_64+0xcf/0x110 [ 344.784794] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.789992] [ 344.791626] Uninit was stored to memory at: 07:53:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000000)) [ 344.795970] kmsan_internal_chain_origin+0x136/0x240 [ 344.801281] __msan_chain_origin+0x6d/0xb0 [ 344.805544] __save_stack_trace+0x8be/0xc60 [ 344.809909] save_stack_trace+0xc6/0x110 [ 344.813998] kmsan_internal_chain_origin+0x136/0x240 [ 344.819122] kmsan_memcpy_origins+0x13d/0x190 [ 344.823652] __msan_memcpy+0x6f/0x80 [ 344.827380] pskb_expand_head+0x436/0x1d20 [ 344.831625] tcp_fragment+0x378/0x21d0 [ 344.835532] tcp_sacktag_walk+0xe88/0x29d0 [ 344.839782] tcp_sacktag_write_queue+0x2805/0x4630 07:53:13 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f00000004c0)) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000c, 0x2011, r0, 0x0) mmap(&(0x7f0000f44000/0x4000)=nil, 0x507000, 0x1000007, 0x2013, r0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x4e21, @rand_addr}, 0x10) [ 344.844749] tcp_ack+0x2888/0xa010 [ 344.848331] 
tcp_rcv_established+0xf7e/0x2940 [ 344.852909] tcp_v4_do_rcv+0x686/0xd80 [ 344.856838] __release_sock+0x32d/0x750 [ 344.860832] release_sock+0x99/0x2a0 [ 344.864562] sk_stream_wait_memory+0x9cc/0x1430 [ 344.869254] tcp_sendmsg_locked+0x1bca/0x6c30 [ 344.873794] tcp_sendmsg+0xb2/0x100 [ 344.877446] inet_sendmsg+0x4e9/0x800 [ 344.881268] __sys_sendto+0x940/0xb80 [ 344.885089] __se_sys_sendto+0x107/0x130 [ 344.889161] __x64_sys_sendto+0x6e/0x90 [ 344.893147] do_syscall_64+0xcf/0x110 [ 344.896964] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.902157] [ 344.903813] Uninit was stored to memory at: [ 344.908189] kmsan_internal_chain_origin+0x136/0x240 [ 344.913313] __msan_chain_origin+0x6d/0xb0 [ 344.917576] __save_stack_trace+0x8be/0xc60 [ 344.921934] save_stack_trace+0xc6/0x110 [ 344.926024] kmsan_internal_chain_origin+0x136/0x240 [ 344.931167] kmsan_memcpy_origins+0x13d/0x190 [ 344.935677] __msan_memcpy+0x6f/0x80 [ 344.939427] pskb_expand_head+0x436/0x1d20 [ 344.943681] tcp_fragment+0x378/0x21d0 [ 344.947629] tcp_sacktag_walk+0xe88/0x29d0 [ 344.951885] tcp_sacktag_write_queue+0x2805/0x4630 [ 344.956861] tcp_ack+0x2888/0xa010 [ 344.960442] tcp_rcv_established+0xf7e/0x2940 [ 344.964953] tcp_v4_do_rcv+0x686/0xd80 [ 344.968863] __release_sock+0x32d/0x750 [ 344.972856] release_sock+0x99/0x2a0 [ 344.976601] sk_stream_wait_memory+0x9cc/0x1430 [ 344.981288] tcp_sendmsg_locked+0x1bca/0x6c30 [ 344.985822] tcp_sendmsg+0xb2/0x100 [ 344.989504] inet_sendmsg+0x4e9/0x800 [ 344.993368] __sys_sendto+0x940/0xb80 [ 344.997191] __se_sys_sendto+0x107/0x130 [ 345.001279] __x64_sys_sendto+0x6e/0x90 [ 345.005277] do_syscall_64+0xcf/0x110 [ 345.009103] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 345.014311] [ 345.015947] Uninit was stored to memory at: [ 345.020297] kmsan_internal_chain_origin+0x136/0x240 [ 345.025421] __msan_chain_origin+0x6d/0xb0 [ 345.029680] __save_stack_trace+0x8be/0xc60 [ 345.034041] save_stack_trace+0xc6/0x110 [ 345.038145] kmsan_internal_chain_origin+0x136/0x240 [ 
345.043286] kmsan_memcpy_origins+0x13d/0x190 [ 345.047804] __msan_memcpy+0x6f/0x80 [ 345.051544] pskb_expand_head+0x436/0x1d20 [ 345.055797] tcp_fragment+0x378/0x21d0 [ 345.059696] tcp_sacktag_walk+0xe88/0x29d0 [ 345.063963] tcp_sacktag_write_queue+0x2805/0x4630 [ 345.068923] tcp_ack+0x2888/0xa010 [ 345.072492] tcp_rcv_established+0xf7e/0x2940 [ 345.077039] tcp_v4_do_rcv+0x686/0xd80 [ 345.080956] __release_sock+0x32d/0x750 [ 345.084944] release_sock+0x99/0x2a0 [ 345.088667] sk_stream_wait_memory+0x9cc/0x1430 [ 345.093352] tcp_sendmsg_locked+0x1bca/0x6c30 [ 345.097859] tcp_sendmsg+0xb2/0x100 [ 345.101501] inet_sendmsg+0x4e9/0x800 [ 345.105320] __sys_sendto+0x940/0xb80 [ 345.109134] __se_sys_sendto+0x107/0x130 [ 345.113212] __x64_sys_sendto+0x6e/0x90 [ 345.117198] do_syscall_64+0xcf/0x110 [ 345.121014] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 345.126231] [ 345.127865] Uninit was stored to memory at: [ 345.132202] kmsan_internal_chain_origin+0x136/0x240 [ 345.137340] __msan_chain_origin+0x6d/0xb0 [ 345.141593] __save_stack_trace+0x8be/0xc60 [ 345.145940] save_stack_trace+0xc6/0x110 [ 345.150019] kmsan_internal_chain_origin+0x136/0x240 [ 345.155135] kmsan_memcpy_origins+0x13d/0x190 [ 345.159660] __msan_memcpy+0x6f/0x80 [ 345.163391] pskb_expand_head+0x436/0x1d20 [ 345.167647] tcp_fragment+0x378/0x21d0 [ 345.171543] tcp_sacktag_walk+0xe88/0x29d0 [ 345.175796] tcp_sacktag_write_queue+0x2805/0x4630 [ 345.180751] tcp_ack+0x2888/0xa010 [ 345.184354] tcp_rcv_established+0xf7e/0x2940 [ 345.188864] tcp_v4_do_rcv+0x686/0xd80 [ 345.192769] __release_sock+0x32d/0x750 [ 345.196762] release_sock+0x99/0x2a0 [ 345.200494] sk_stream_wait_memory+0x9cc/0x1430 [ 345.205180] tcp_sendmsg_locked+0x1bca/0x6c30 [ 345.209706] tcp_sendmsg+0xb2/0x100 [ 345.213364] inet_sendmsg+0x4e9/0x800 [ 345.217183] __sys_sendto+0x940/0xb80 [ 345.220997] __se_sys_sendto+0x107/0x130 [ 345.225071] __x64_sys_sendto+0x6e/0x90 [ 345.229058] do_syscall_64+0xcf/0x110 [ 345.232879] 
entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 345.238068] [ 345.239695] Uninit was stored to memory at: [ 345.244055] kmsan_internal_chain_origin+0x136/0x240 [ 345.249174] __msan_chain_origin+0x6d/0xb0 [ 345.253426] __save_stack_trace+0x8be/0xc60 [ 345.257775] save_stack_trace+0xc6/0x110 [ 345.261848] kmsan_internal_chain_origin+0x136/0x240 [ 345.266969] kmsan_memcpy_origins+0x13d/0x190 [ 345.271474] __msan_memcpy+0x6f/0x80 [ 345.275203] pskb_expand_head+0x436/0x1d20 [ 345.279447] tcp_fragment+0x378/0x21d0 [ 345.283343] tcp_sacktag_walk+0xe88/0x29d0 [ 345.287593] tcp_sacktag_write_queue+0x2805/0x4630 [ 345.292533] tcp_ack+0x2888/0xa010 [ 345.296088] tcp_rcv_established+0xf7e/0x2940 [ 345.300598] tcp_v4_do_rcv+0x686/0xd80 [ 345.304498] __release_sock+0x32d/0x750 [ 345.308485] release_sock+0x99/0x2a0 [ 345.312212] sk_stream_wait_memory+0x9cc/0x1430 [ 345.316892] tcp_sendmsg_locked+0x1bca/0x6c30 [ 345.321409] tcp_sendmsg+0xb2/0x100 [ 345.325065] inet_sendmsg+0x4e9/0x800 [ 345.328877] __sys_sendto+0x940/0xb80 [ 345.332695] __se_sys_sendto+0x107/0x130 [ 345.336781] __x64_sys_sendto+0x6e/0x90 [ 345.340786] do_syscall_64+0xcf/0x110 [ 345.344602] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 345.349790] [ 345.351418] Uninit was stored to memory at: [ 345.355786] kmsan_internal_chain_origin+0x136/0x240 [ 345.360906] __msan_chain_origin+0x6d/0xb0 [ 345.365171] __save_stack_trace+0x8be/0xc60 [ 345.369516] save_stack_trace+0xc6/0x110 [ 345.373604] kmsan_internal_chain_origin+0x136/0x240 [ 345.378730] kmsan_memcpy_origins+0x13d/0x190 [ 345.383247] __msan_memcpy+0x6f/0x80 [ 345.386974] pskb_expand_head+0x436/0x1d20 [ 345.391218] tcp_fragment+0x378/0x21d0 [ 345.395130] tcp_sacktag_walk+0xe88/0x29d0 [ 345.399381] tcp_sacktag_write_queue+0x2805/0x4630 [ 345.404325] tcp_ack+0x2888/0xa010 [ 345.407897] tcp_rcv_established+0xf7e/0x2940 [ 345.412419] tcp_v4_do_rcv+0x686/0xd80 [ 345.416352] __release_sock+0x32d/0x750 [ 345.420352] release_sock+0x99/0x2a0 [ 345.424091] 
sk_stream_wait_memory+0x9cc/0x1430 [ 345.428779] tcp_sendmsg_locked+0x1bca/0x6c30 [ 345.433290] tcp_sendmsg+0xb2/0x100 [ 345.436928] inet_sendmsg+0x4e9/0x800 [ 345.440753] __sys_sendto+0x940/0xb80 [ 345.444573] __se_sys_sendto+0x107/0x130 [ 345.448650] __x64_sys_sendto+0x6e/0x90 [ 345.452637] do_syscall_64+0xcf/0x110 [ 345.456458] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 345.461653] [ 345.463285] Local variable description: ----_tcph@tcp_packet [ 345.469080] Variable was created at: [ 345.472812] tcp_packet+0xe1/0x73c0 [ 345.476450] nf_conntrack_in+0x9f0/0x1edd [ 345.642313] not chained 30000 origins [ 345.646186] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.20.0-rc2+ #88 [ 345.653052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.662424] Call Trace: [ 345.665048] dump_stack+0x32d/0x480 [ 345.668875] ? get_page_from_freelist+0x1617/0x1c90 [ 345.673933] kmsan_internal_chain_origin+0x222/0x240 [ 345.679112] ? __alloc_pages_nodemask+0x12ac/0x64d0 [ 345.684165] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 345.689643] ? in_task_stack+0x12c/0x210 [ 345.693746] ? task_kmsan_context_state+0x51/0x90 [ 345.698621] ? __msan_get_context_state+0x9/0x20 [ 345.703412] ? __kernel_text_address+0x19/0x350 [ 345.708109] ? ret_from_fork+0x35/0x40 [ 345.712031] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 345.717511] ? in_task_stack+0x12c/0x210 [ 345.721616] __msan_chain_origin+0x6d/0xb0 [ 345.725885] ? ip_local_deliver_finish+0x8d8/0xff0 [ 345.730842] __save_stack_trace+0x8be/0xc60 [ 345.735224] ? ip_local_deliver_finish+0x8d8/0xff0 [ 345.740197] save_stack_trace+0xc6/0x110 [ 345.744303] kmsan_internal_chain_origin+0x136/0x240 [ 345.749435] ? run_ksoftirqd+0x37/0x60 [ 345.753363] ? kmsan_internal_chain_origin+0x136/0x240 [ 345.758664] ? kmsan_memcpy_origins+0x13d/0x190 [ 345.763357] ? __msan_memcpy+0x6f/0x80 [ 345.767284] ? pskb_expand_head+0x436/0x1d20 [ 345.771716] ? skb_shift+0xce2/0x2d10 [ 345.775553] ? 
tcp_sacktag_walk+0x2156/0x29d0 [ 345.780077] ? tcp_sacktag_write_queue+0x2805/0x4630 [ 345.785205] ? tcp_ack+0x2888/0xa010 [ 345.788951] ? tcp_rcv_established+0xf7e/0x2940 [ 345.793644] ? tcp_v4_do_rcv+0x686/0xd80 [ 345.797738] ? tcp_v4_rcv+0x5a13/0x6520 [ 345.802265] ? ip_local_deliver_finish+0x8d8/0xff0 [ 345.807221] ? ip_local_deliver+0x44b/0x510 [ 345.811573] ? ip_rcv+0x6b6/0x740 [ 345.815056] ? process_backlog+0x82b/0x11e0 [ 345.819402] ? net_rx_action+0x98f/0x1d50 [ 345.823574] ? __do_softirq+0x721/0xc7f [ 345.827576] ? run_ksoftirqd+0x37/0x60 [ 345.831494] ? smpboot_thread_fn+0x69c/0xb30 [ 345.835932] ? kthread+0x5e7/0x620 [ 345.839503] ? ret_from_fork+0x35/0x40 [ 345.843425] ? memcg_kmem_put_cache+0x73/0x460 [ 345.848034] ? __kmalloc_node_track_caller+0x1010/0x14e0 [ 345.853543] ? __msan_get_context_state+0x9/0x20 [ 345.858325] ? INIT_INT+0xc/0x30 [ 345.861718] ? __kmalloc_node_track_caller+0x369/0x14e0 [ 345.867142] kmsan_memcpy_origins+0x13d/0x190 [ 345.871678] __msan_memcpy+0x6f/0x80 [ 345.875442] pskb_expand_head+0x436/0x1d20 [ 345.879753] skb_shift+0xce2/0x2d10 [ 345.883457] tcp_sacktag_walk+0x2156/0x29d0 [ 345.887856] tcp_sacktag_write_queue+0x2805/0x4630 [ 345.892884] tcp_ack+0x2888/0xa010 [ 345.896457] ? tcp_parse_options+0xbe/0x1cf0 [ 345.900904] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 345.906389] ? tcp_parse_options+0x1c55/0x1cf0 [ 345.911092] tcp_rcv_established+0xf7e/0x2940 [ 345.915632] ? __msan_get_context_state+0x9/0x20 [ 345.920435] tcp_v4_do_rcv+0x686/0xd80 [ 345.924374] tcp_v4_rcv+0x5a13/0x6520 [ 345.928288] ? tcp_filter+0x260/0x260 [ 345.932117] ip_local_deliver_finish+0x8d8/0xff0 [ 345.936906] ? nf_hook_slow+0x36f/0x3d0 [ 345.940926] ip_local_deliver+0x44b/0x510 [ 345.945117] ? ip_local_deliver+0x510/0x510 [ 345.949463] ? ip_call_ra_chain+0x7a0/0x7a0 [ 345.953842] ip_rcv+0x6b6/0x740 [ 345.957166] ? ip_rcv_core+0x1370/0x1370 [ 345.961294] process_backlog+0x82b/0x11e0 [ 345.965480] ? 
ip_local_deliver_finish+0xff0/0xff0 [ 345.970463] ? rps_trigger_softirq+0x2e0/0x2e0 [ 345.975076] net_rx_action+0x98f/0x1d50 [ 345.979111] ? net_tx_action+0xf20/0xf20 [ 345.983230] __do_softirq+0x721/0xc7f [ 345.987097] ? ksoftirqd_should_run+0x50/0x50 [ 345.991620] run_ksoftirqd+0x37/0x60 [ 345.995381] smpboot_thread_fn+0x69c/0xb30 [ 345.999673] kthread+0x5e7/0x620 [ 346.003067] ? cpu_report_death+0x4a0/0x4a0 [ 346.007452] ? INIT_BOOL+0x30/0x30 [ 346.011022] ret_from_fork+0x35/0x40 [ 346.014784] Uninit was stored to memory at: [ 346.019132] kmsan_internal_chain_origin+0x136/0x240 [ 346.024263] __msan_chain_origin+0x6d/0xb0 [ 346.028521] __save_stack_trace+0x8be/0xc60 [ 346.032866] save_stack_trace+0xc6/0x110 [ 346.036953] kmsan_internal_chain_origin+0x136/0x240 [ 346.042080] kmsan_memcpy_origins+0x13d/0x190 [ 346.046597] __msan_memcpy+0x6f/0x80 [ 346.050352] pskb_expand_head+0x436/0x1d20 [ 346.054605] skb_shift+0x29a0/0x2d10 [ 346.058368] tcp_sacktag_walk+0x2156/0x29d0 [ 346.062734] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.067686] tcp_ack+0x2888/0xa010 [ 346.071266] tcp_rcv_established+0xf7e/0x2940 [ 346.075778] tcp_v4_do_rcv+0x686/0xd80 [ 346.079682] tcp_v4_rcv+0x5a13/0x6520 [ 346.083522] ip_local_deliver_finish+0x8d8/0xff0 [ 346.088328] ip_local_deliver+0x44b/0x510 [ 346.092505] ip_rcv+0x6b6/0x740 [ 346.095819] process_backlog+0x82b/0x11e0 [ 346.099988] net_rx_action+0x98f/0x1d50 [ 346.103979] __do_softirq+0x721/0xc7f [ 346.107785] [ 346.109421] Uninit was stored to memory at: [ 346.113772] kmsan_internal_chain_origin+0x136/0x240 [ 346.118899] __msan_chain_origin+0x6d/0xb0 [ 346.123151] __save_stack_trace+0x8be/0xc60 [ 346.127492] save_stack_trace+0xc6/0x110 [ 346.131569] kmsan_internal_chain_origin+0x136/0x240 [ 346.136728] kmsan_memcpy_origins+0x13d/0x190 [ 346.141263] __msan_memcpy+0x6f/0x80 [ 346.145000] pskb_expand_head+0x436/0x1d20 [ 346.149258] skb_shift+0x29a0/0x2d10 [ 346.153020] tcp_sacktag_walk+0x2156/0x29d0 [ 346.157363] 
tcp_sacktag_write_queue+0x2805/0x4630 [ 346.162313] tcp_ack+0x2888/0xa010 [ 346.165877] tcp_rcv_established+0xf7e/0x2940 [ 346.170395] tcp_v4_do_rcv+0x686/0xd80 [ 346.174303] tcp_v4_rcv+0x5a13/0x6520 [ 346.178120] ip_local_deliver_finish+0x8d8/0xff0 [ 346.182889] ip_local_deliver+0x44b/0x510 [ 346.187069] ip_rcv+0x6b6/0x740 [ 346.190367] process_backlog+0x82b/0x11e0 [ 346.194532] net_rx_action+0x98f/0x1d50 [ 346.198522] __do_softirq+0x721/0xc7f [ 346.202337] [ 346.204849] Uninit was stored to memory at: [ 346.209210] kmsan_internal_chain_origin+0x136/0x240 [ 346.214361] __msan_chain_origin+0x6d/0xb0 [ 346.218652] __save_stack_trace+0x8be/0xc60 [ 346.222996] save_stack_trace+0xc6/0x110 [ 346.227079] kmsan_internal_chain_origin+0x136/0x240 [ 346.232220] kmsan_memcpy_origins+0x13d/0x190 [ 346.236752] __msan_memcpy+0x6f/0x80 [ 346.240486] pskb_expand_head+0x436/0x1d20 [ 346.244749] skb_shift+0x29a0/0x2d10 [ 346.248486] tcp_sacktag_walk+0x2156/0x29d0 [ 346.252831] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.257784] tcp_ack+0x2888/0xa010 [ 346.261350] tcp_rcv_established+0xf7e/0x2940 [ 346.265871] tcp_v4_do_rcv+0x686/0xd80 [ 346.269776] tcp_v4_rcv+0x5a13/0x6520 [ 346.273594] ip_local_deliver_finish+0x8d8/0xff0 [ 346.278368] ip_local_deliver+0x44b/0x510 [ 346.282551] ip_rcv+0x6b6/0x740 [ 346.285854] process_backlog+0x82b/0x11e0 [ 346.290035] net_rx_action+0x98f/0x1d50 [ 346.294026] __do_softirq+0x721/0xc7f [ 346.297835] [ 346.299477] Uninit was stored to memory at: [ 346.303817] kmsan_internal_chain_origin+0x136/0x240 [ 346.308940] __msan_chain_origin+0x6d/0xb0 [ 346.313194] __save_stack_trace+0x8be/0xc60 [ 346.317573] save_stack_trace+0xc6/0x110 [ 346.321677] kmsan_internal_chain_origin+0x136/0x240 [ 346.326807] kmsan_memcpy_origins+0x13d/0x190 [ 346.331366] __msan_memcpy+0x6f/0x80 [ 346.335111] pskb_expand_head+0x436/0x1d20 [ 346.339368] skb_shift+0x29a0/0x2d10 [ 346.343125] tcp_sacktag_walk+0x2156/0x29d0 [ 346.347484] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.352433] 
tcp_ack+0x2888/0xa010 [ 346.355998] tcp_rcv_established+0xf7e/0x2940 [ 346.360533] tcp_v4_do_rcv+0x686/0xd80 [ 346.364442] tcp_v4_rcv+0x5a13/0x6520 [ 346.368282] ip_local_deliver_finish+0x8d8/0xff0 [ 346.373064] ip_local_deliver+0x44b/0x510 [ 346.377244] ip_rcv+0x6b6/0x740 [ 346.380548] process_backlog+0x82b/0x11e0 [ 346.384717] net_rx_action+0x98f/0x1d50 [ 346.388754] __do_softirq+0x721/0xc7f [ 346.392563] [ 346.394201] Uninit was stored to memory at: [ 346.398566] kmsan_internal_chain_origin+0x136/0x240 [ 346.403698] __msan_chain_origin+0x6d/0xb0 [ 346.407964] __save_stack_trace+0x8be/0xc60 [ 346.412314] save_stack_trace+0xc6/0x110 [ 346.416399] kmsan_internal_chain_origin+0x136/0x240 [ 346.421544] kmsan_memcpy_origins+0x13d/0x190 [ 346.426060] __msan_memcpy+0x6f/0x80 [ 346.429799] pskb_expand_head+0x436/0x1d20 [ 346.434059] skb_shift+0x29a0/0x2d10 [ 346.437795] tcp_sacktag_walk+0x2156/0x29d0 [ 346.442141] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.447091] tcp_ack+0x2888/0xa010 [ 346.450656] tcp_rcv_established+0xf7e/0x2940 [ 346.455176] tcp_v4_do_rcv+0x686/0xd80 [ 346.459085] tcp_v4_rcv+0x5a13/0x6520 [ 346.462910] ip_local_deliver_finish+0x8d8/0xff0 [ 346.467715] ip_local_deliver+0x44b/0x510 [ 346.471890] ip_rcv+0x6b6/0x740 [ 346.475191] process_backlog+0x82b/0x11e0 [ 346.479355] net_rx_action+0x98f/0x1d50 [ 346.483347] __do_softirq+0x721/0xc7f [ 346.487156] [ 346.488794] Uninit was stored to memory at: [ 346.493139] kmsan_internal_chain_origin+0x136/0x240 [ 346.498291] __msan_chain_origin+0x6d/0xb0 [ 346.502562] __save_stack_trace+0x8be/0xc60 [ 346.506921] save_stack_trace+0xc6/0x110 [ 346.511044] kmsan_internal_chain_origin+0x136/0x240 [ 346.516187] kmsan_memcpy_origins+0x13d/0x190 [ 346.520745] __msan_memcpy+0x6f/0x80 [ 346.524480] pskb_expand_head+0x436/0x1d20 [ 346.528745] skb_shift+0x29a0/0x2d10 [ 346.532484] tcp_sacktag_walk+0x2156/0x29d0 [ 346.536831] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.541799] tcp_ack+0x2888/0xa010 [ 346.545359] 
tcp_rcv_established+0xf7e/0x2940 [ 346.549865] tcp_v4_do_rcv+0x686/0xd80 [ 346.553771] tcp_v4_rcv+0x5a13/0x6520 [ 346.557587] ip_local_deliver_finish+0x8d8/0xff0 [ 346.562359] ip_local_deliver+0x44b/0x510 [ 346.566526] ip_rcv+0x6b6/0x740 [ 346.569830] process_backlog+0x82b/0x11e0 [ 346.573995] net_rx_action+0x98f/0x1d50 [ 346.577990] __do_softirq+0x721/0xc7f [ 346.581818] [ 346.583463] Uninit was stored to memory at: [ 346.587815] kmsan_internal_chain_origin+0x136/0x240 [ 346.592943] __msan_chain_origin+0x6d/0xb0 [ 346.597201] __save_stack_trace+0x8be/0xc60 [ 346.601552] save_stack_trace+0xc6/0x110 [ 346.605652] kmsan_internal_chain_origin+0x136/0x240 [ 346.610780] kmsan_memcpy_origins+0x13d/0x190 [ 346.615300] __msan_memcpy+0x6f/0x80 [ 346.619045] pskb_expand_head+0x436/0x1d20 [ 346.623300] skb_shift+0x29a0/0x2d10 [ 346.627030] tcp_sacktag_walk+0x2156/0x29d0 [ 346.631371] tcp_sacktag_write_queue+0x2805/0x4630 [ 346.636319] tcp_ack+0x2888/0xa010 [ 346.637388] kernel msg: ebtables bug: please report to author: Valid hook without chain [ 346.639882] tcp_rcv_established+0xf7e/0x2940 [ 346.639909] tcp_v4_do_rcv+0x686/0xd80 [ 346.639928] tcp_v4_rcv+0x5a13/0x6520 [ 346.639947] ip_local_deliver_finish+0x8d8/0xff0 [ 346.639964] ip_local_deliver+0x44b/0x510 [ 346.639981] ip_rcv+0x6b6/0x740 [ 346.640001] process_backlog+0x82b/0x11e0 [ 346.640019] net_rx_action+0x98f/0x1d50 [ 346.640055] __do_softirq+0x721/0xc7f [ 346.684489] [ 346.686143] Local variable description: ----v.addr.i.i.i@ipv4_conntrack_local [ 346.693424] Variable was created at: 07:53:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[]}}, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, 
&(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[]}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:53:15 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000b40)=@nat={'nat\x00', 0x19, 0x2, 0x138, [0x20000700, 0x0, 0x0, 0x20000a28, 0x20000a58], 0x0, &(0x7f0000000180), &(0x7f0000000700)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x1b, 0x0, 0x0, 'irlan0\x00', 'veth0\x00', 'gretap0\x00', 'bond_slave_1\x00', @broadcast, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@link_local}}}}]}]}, 0x1b0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) 07:53:15 executing program 5: ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000007c0)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "6805d3", 0x44, 0x3b, 0x0, @remote, @ipv4={[], [], @remote}, {[], @gre}}}}}, &(0x7f00000000c0)) 
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000140)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000080)={[], 0x0, 0x241}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)) 07:53:15 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='maps\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x100000000005, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendfile(r0, r0, &(0x7f0000000000)=0x8000041, 0x7fff) [ 346.697161] ipv4_conntrack_local+0x75/0x470 [ 346.701608] nf_hook_slow+0x15c/0x3d0 07:53:15 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x5}, 0xc, &(0x7f0000beeff0)={&(0x7f0000000280)=ANY=[@ANYBLOB="ff020000000000000000000000000001000000003200000000000000000000000000ffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013000060000000"], 0x1}}, 0x0) [ 346.778924] kernel msg: ebtables bug: please report to author: Valid hook without chain 07:53:16 executing program 2: getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000000c0)={0x2, [0x0, 0x0]}, &(0x7f0000000100)=0xc) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={"626f6e645f736c6176655f30000e00", {0x2, 0x0, @rand_addr=0x80000000}}) 
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}})
open$dir(&(0x7f0000001c40)='./file0\x00', 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000001680)=[{&(0x7f0000000380)=""/113, 0x71}, {&(0x7f0000000480)=""/242, 0xf2}], 0x2, &(0x7f0000001700)=[{&(0x7f00000016c0)=""/60, 0x3c}], 0x1, 0x0)

07:53:16 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0xfffffff0}, 0xc, &(0x7f0000000000)={&(0x7f0000000180)={0x14, 0x28, 0xaff, 0x0, 0x0, {0x12}}, 0x14}}, 0x0)

07:53:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pkey_alloc(0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x400}]}, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000340)=0x800000001ff, 0x10000038f)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, &(0x7f0000000040), 0xfe30, 0x20000006, &(0x7f0000000080)={0xa, 0x4e22, 0xf401000000000000, @empty={[0xe00000000000000, 0xfe80000000000000, 0x0, 0xe603000000000000]}}, 0x1c)
r2 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xfffffffffffffffe, 0x0)
r3 = dup2(r2, r2)
ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000040)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]})

07:53:16 executing program 0:
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x98, &(0x7f0000000280), &(0x7f0000000340)=""/152}, 0x28)
clone(0x3ffd, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='ntfs\x00', 0x0, 0x0)
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080))
futex(&(0x7f000000cffc), 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x0, 0x1, &(0x7f0000000a00)={0x0, 0x989680}, &(0x7f0000048000), 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000240))
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000580))
shutdown(0xffffffffffffffff, 0x2)

07:53:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[]}}, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[]}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:53:16 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/mcfilter\x00')
pread64(r0, &(0x7f00000000c0)=""/225, 0xe1, 0x0)

07:53:16 executing program 5:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x80002, 0x0)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0x224)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, &(0x7f0000000000), 0x8)

07:53:17 executing program 0:
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x98, &(0x7f0000000280), &(0x7f0000000340)=""/152}, 0x28)
clone(0x3ffd, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='ntfs\x00', 0x0, 0x0)
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000580))
shutdown(0xffffffffffffffff, 0x2)

07:53:17 executing program 4:
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
clone(0x3ffd, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='ntfs\x00', 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0)
shutdown(0xffffffffffffffff, 0x2)

07:53:17 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[]}}, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[]}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 348.099011] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.

07:53:17 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x10, 0x100000003, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1a, 0x201}, 0x14}}, 0x0)

07:53:17 executing program 1:
perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
mmap(&(0x7f0000f95000/0x3000)=nil, 0x3000, 0x1000000, 0x812, r0, 0x0)
mmap(&(0x7f0000f95000/0x1000)=nil, 0x1000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f0000f95fd7)={&(0x7f0000f98ff0)=@ax25, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000f91000)}, 0x0)
[ 348.566018] ==================================================================
[ 348.573441] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x373/0x500
[ 348.580582] CPU: 1 PID: 8806 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #88
[ 348.587791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 348.597163] Call Trace:
[ 348.599812] dump_stack+0x32d/0x480
[ 348.603469] ? kvm_write_guest_page+0x373/0x500
[ 348.608202] kmsan_report+0x19f/0x300
[ 348.612063] kmsan_internal_check_memory+0x9dc/0xa60
[ 348.617226] kmsan_copy_to_user+0x7c/0xe0
[ 348.621417] kvm_write_guest_page+0x373/0x500
[ 348.625958] kvm_write_guest+0x1e1/0x360
[ 348.630085] kvm_emulate_hypercall+0x19c9/0x1ac0
[ 348.634917] handle_vmcall+0x41/0x50
[ 348.638667] ? handle_rdpmc+0x80/0x80
[ 348.642558] vmx_handle_exit+0x21bd/0xb980
[ 348.646897] ? vmalloc_to_page+0x585/0x6c0
[ 348.651206] ? kmsan_get_shadow_origin_ptr+0x142/0x410
[ 348.656562] ? vmx_flush_tlb_gva+0x480/0x480
[ 348.661001] kvm_arch_vcpu_ioctl_run+0xaeee/0x12040
[ 348.666214] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 348.671610] ? update_load_avg+0x12ae/0x1db0
[ 348.676101] ? kmsan_set_origin+0x7f/0x100
[ 348.680400] ? kmsan_internal_unpoison_shadow+0x83/0xd0
[ 348.685813] ? __msan_get_context_state+0x9/0x20
[ 348.690595] ? INIT_BOOL+0xc/0x30
[ 348.694091] ? mutex_lock_killable+0x2f7/0x450
[ 348.698723] kvm_vcpu_ioctl+0xfb1/0x1f90
[ 348.702838] ? do_vfs_ioctl+0x184/0x2f70
[ 348.706920] ? __se_sys_ioctl+0x1da/0x270
[ 348.711097] ? kvm_vm_release+0x90/0x90
[ 348.715092] do_vfs_ioctl+0xfbc/0x2f70
[ 348.719071] ? security_file_ioctl+0x92/0x200
[ 348.723598] __se_sys_ioctl+0x1da/0x270
[ 348.727607] __x64_sys_ioctl+0x4a/0x70
[ 348.731554] do_syscall_64+0xcf/0x110
[ 348.735389] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 348.740614] RIP: 0033:0x457569
[ 348.743843] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 348.762796] RSP: 002b:00007fd964a8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 348.770533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 348.777824] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 348.785123] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 348.792414] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd964a8c6d4
[ 348.799698] R13: 00000000004c028e R14: 00000000004d06d8 R15: 00000000ffffffff
[ 348.807516]
[ 348.809163] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall
[ 348.816793] Variable was created at:
[ 348.820548] kvm_emulate_hypercall+0x62/0x1ac0
[ 348.825175] handle_vmcall+0x41/0x50
[ 348.828898]
[ 348.830549] Bytes 28-63 of 64 are uninitialized
[ 348.835229] Memory access of size 64 starts at ffff88810f32f3d0
[ 348.841321] Data copied to user address 0000000020000000
[ 348.846793] ==================================================================
[ 348.854164] Disabling lock debugging due to kernel taint
[ 348.859647] Kernel panic - not syncing: panic_on_warn set ...
[ 348.865559] CPU: 1 PID: 8806 Comm: syz-executor3 Tainted: G B 4.20.0-rc2+ #88
[ 348.874146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 348.883543] Call Trace:
[ 348.886158] dump_stack+0x32d/0x480
[ 348.889852] panic+0x624/0xc08
[ 348.893119] kmsan_report+0x300/0x300
[ 348.896958] kmsan_internal_check_memory+0x9dc/0xa60
[ 348.902122] kmsan_copy_to_user+0x7c/0xe0
[ 348.906304] kvm_write_guest_page+0x373/0x500
[ 348.910844] kvm_write_guest+0x1e1/0x360
[ 348.914956] kvm_emulate_hypercall+0x19c9/0x1ac0
[ 348.919810] handle_vmcall+0x41/0x50
[ 348.923557] ? handle_rdpmc+0x80/0x80
[ 348.927391] vmx_handle_exit+0x21bd/0xb980
[ 348.931651] ? vmalloc_to_page+0x585/0x6c0
[ 348.935931] ? kmsan_get_shadow_origin_ptr+0x142/0x410
[ 348.941268] ? vmx_flush_tlb_gva+0x480/0x480
[ 348.945734] kvm_arch_vcpu_ioctl_run+0xaeee/0x12040
[ 348.950923] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 348.956338] ? update_load_avg+0x12ae/0x1db0
[ 348.960825] ? kmsan_set_origin+0x7f/0x100
[ 348.965096] ? kmsan_internal_unpoison_shadow+0x83/0xd0
[ 348.970526] ? __msan_get_context_state+0x9/0x20
[ 348.975325] ? INIT_BOOL+0xc/0x30
[ 348.978811] ? mutex_lock_killable+0x2f7/0x450
[ 348.983455] kvm_vcpu_ioctl+0xfb1/0x1f90
[ 348.987572] ? do_vfs_ioctl+0x184/0x2f70
[ 348.991656] ? __se_sys_ioctl+0x1da/0x270
[ 348.995832] ? kvm_vm_release+0x90/0x90
[ 348.999840] do_vfs_ioctl+0xfbc/0x2f70
[ 349.003826] ? security_file_ioctl+0x92/0x200
[ 349.008356] __se_sys_ioctl+0x1da/0x270
[ 349.012373] __x64_sys_ioctl+0x4a/0x70
[ 349.016282] do_syscall_64+0xcf/0x110
[ 349.020119] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 349.025331] RIP: 0033:0x457569
[ 349.028553] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 349.047496] RSP: 002b:00007fd964a8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 349.055246] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 349.062532] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 349.069848] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 349.077133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd964a8c6d4
[ 349.084440] R13: 00000000004c028e R14: 00000000004d06d8 R15: 00000000ffffffff
[ 349.092748] Kernel Offset: disabled
[ 349.096390] Rebooting in 86400 seconds..